Hackers Posing as Ukrainian Ministry Deploy Info StealersSpoofed Polish Police Websites Also Found
Ukrainian and Polish cyber defenders are warning against a slew of phishing websites that mimic official sites, in particular a page that mimics the Ministry of Foreign Affairs of Ukraine.
A hacking group likely comprised of Russian speakers uses the pages to lure users into downloading software putatively for "scanning infected PCs on viruses."
The Computer Emergency Response Team of Ukraine tracks the threat group as UAC-0114, aka Winter Vivern. The downloaded software executes several PowerShell scripts, one of which scans for files including Microsoft Office documents, PDFs, log files and Remote Desktop Connection Manager configuration. The malware also takes screenshots, exfiltrates data and establishes persistence.
The threat group has copied web pages of the Security Service of Ukraine and the Polish Police. Poland, a key Ukrainian ally and staging ground for military aid, has contended with an increase in hostile Russian activity in cyberspace following Russia's February 2022 invasion of Ukraine.
Close observers of Russian activity in Ukrainian cyberspace have concluded that Moscow's main objective there is intelligence collection rather than destruction.
The United States on Friday announced an additional $2 billion in security assistance for Ukraine, including additional ammunition for High Mobility Artillery Rocket Systems, anti-aircraft weapons and technology to counter unmanned aerial systems.