6 April 2022

CERT-UA warns of Armageddon phishing attacks targeting government agencies in Ukraine, EU



The Computer Emergency Response Team of Ukraine (CERT-UA) has issued security advisories warning of phishing attacks attributed to the Russia-linked Armageddon (aka Gamaredon, Primitive Bear) advanced persistent threat (APT) group. In two separate cases, the group launched phishing campaigns against Ukrainian government organizations and entities in the European Union.

In the attacks aimed at Ukraine, the threat actor distributed phishing emails ostensibly containing “Information on war criminals of the Russian Federation.” The emails, sent from “vadim_melnik88@i[.]ua”, contain an HTML attachment that, when opened, would ultimately infect the victim’s device with espionage malware (GammaLoad.PS1).

The malicious campaign targeting various EU government officials involved RAR archive attachments named “Assistance.rar” and “Necessary_military_assistance.rar,” containing malicious files named “List of necessary things for the provision of military humanitarian assistance to Ukraine.lnk” and “Providing military humanitarian assistance to Ukraine.lnk.” As in the case described above, opening those files would infect a victim’s device with malware.

Armageddon has been linked to the Russian Federal Security Service and has a long history of cyberattacks against Ukraine. According to the Security Service of Ukraine, since the Russian aggression in 2014, the group has carried out over 5,000 cyberattacks and attempted to infect over 1,500 Ukrainian government computer systems.

Cybersecurity Help statement on the critical situation in Ukraine

On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable; the political ambitions of any man aren’t worth the blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war! Слава Україні!
