24 July 2024

Belarusian hackers target project offices and local government bodies in Ukraine


Belarusian hackers target project offices and local government bodies in Ukraine

The Ukrainian governmental response team, CERT-UA, has observed a surge in activity from a Belarusian hacker group tracked as UAC-0057 between July 12 and July 18.

The attackers deployed their typical combination of the PICASSOLOADER malware and the Cobalt Strike Beacon backdoor, distributing lure documents with malicious macros.

The content of the uncovered files ("oborona.rar," "66_oborona_PURGED.xls," "trix.xls," "equipment_survey_regions_.xls," "accounts.xls," "spreadsheet.xls," "attachment.xls," "Podatok_2024.xls") was related to local government reform (USAID/DAI project "HOVERLA"), taxation, and financial-economic indicators.

The discovered documents indicate the hackers' interest in financial-economic indicators, taxation, and local government reform.

Earlier this week, CERT-UA detailed a cyberattack orchestrated by the Russia-linked UAC-0063 group against a Ukrainian research institution that utilized malicious software known as Hatvibe and Cherryspy. In June 2024, numerous instances of Hatvibe backdoor installation were recorded, exploiting a vulnerability (CVE-2024-23692) in the HFS HTTP File Server software. The flaw is a template injection issue that can allow remote code execution.

Back to the list

Latest Posts

UAC-0185 targets Ukrainian defense forces and defense industry sector

UAC-0185 targets Ukrainian defense forces and defense industry sector

The emails included a malicious link, clicking on which triggered the download of malware.
9 December 2024
New malware botnet Socks5Systemz powers illegal proxy service

New malware botnet Socks5Systemz powers illegal proxy service

The botnet relies on loaders like PrivateLoader, SmokeLoader, and Amadey to persist on compromised systems.
9 December 2024
A new technique can bypass existing isolation mechanisms in modern browsers

A new technique can bypass existing isolation mechanisms in modern browsers

The method works across all types of browser isolation.
9 December 2024