The National Coordination Center for Cybersecurity (NCCC) under the National Security and Defense Council of Ukraine (NSDC) has warned of a cyber attack aimed at the System of Electronic Interaction of Executive Bodies (SEI EB), a system used by the Ukrainian government agencies to share documents between each other.
According to a statement published by Ukraine's National Security and Defense Council, the agency has detected attempts to spread malware-laden e-documents via SEI EB, with the attackers’ goal being "the mass contamination of information resources of public authorities."
“The malicious documents contained a macro that secretly downloaded a program to remotely control a computer when opening the files. The methods and means of carrying out this cyberattack allow to connect it with one of the hacker spy groups fr om the Russian Federation,” the statement reads.
Based on its scenario, the officials believe that the breach attempt was a so-callled supply-chain attack wh ere hackers try to gain access to target organization via vulnerabilities in tools and services it uses.
NSDC did not attribute the attack to a specific Russia-linked APT group, but it provided IoCs (Indicators of Compromise) related to the breach. They are as follows:
IP addresses: 18.104.22.168
Link (URL): http://109[.]68[.]212[.]97/infant[.]php