Ukrainian authorities warn of a cyberattack on government document management system

The National Coordination Center for Cybersecurity (NCCC) under the National Security and Defense Council of Ukraine (NSDC) has warned of a cyberattack aimed at the System of Electronic Interaction of Executive Bodies (SEI EB), a system used by Ukrainian government agencies to share documents with one another.

According to a statement published by Ukraine's National Security and Defense Council, the agency has detected attempts to spread malware-laden e-documents via SEI EB, with the attackers’ goal being "the mass contamination of information resources of public authorities."

“The malicious documents contained a macro that secretly downloaded a program to remotely control a computer when opening the files. The methods and means of carrying out this cyberattack allow to connect it with one of the hacker spy groups from the Russian Federation,” the statement reads.

Based on its scenario, the officials believe that the breach attempt was a so-called supply-chain attack, where hackers try to gain access to a target organization via vulnerabilities in the tools and services it uses.

NSDC did not attribute the attack to a specific Russia-linked APT group, but it provided IoCs (Indicators of Compromise) related to the breach. They are as follows:

  • Domains: enterox.ru

  • IP addresses: 109.68.212.97

  • Link (URL): http://109[.]68[.]212[.]97/infant[.]php
