Fraud Management & Cybercrime , Social Engineering

Ukraine Warns Against Cyberespionage Campaign

State Agencies and Media Organizations Among the Victims
Ukraine Warns Against Cyberespionage Campaign
A Ukrainian scout in an undated photo (Image: Lviv Regional State Administration)

Ukrainian cyber defenders say they've identified a cyberespionage campaign active since mid-2022 that gained unauthorized access to "several dozen" computers.

See Also: OnDemand | Code Red: How KnowBe4 Exposed a North Korean IT Infiltration

Volodymyr Kondrashov, spokesperson for Ukraine's State Service of Special Communications and Information Protection tweeted Tuesday the campaign targets Microsoft Windows machines used by government agencies and media organizations.

The Computer Emergency Response Team of Ukraine in a Monday alert said the campaign uses phishing emails and text messages to distribute malicious HTML applications, executables, file archives and Window shortcuts in a bid to have victims download malware the CERT-UA dubs LonePage.

The malware is a PowerShell script that contacts a command-and-control server to download a file named upgrade.txt that executes the script's commands and exfiltrates data over HTTP.

The malicious code also downloads an info stealer for Chrome and Opera browsers that CERT-UA calls ThumbChop. Hackers behind the campaign might also download the Tor browser onto desktops or Secure Shell, "creating prerequisites for interactive unauthorized remote access to a computer."

In addition to the keylogger and info stealer, the hackers are also deploying additional malware variants dubbed SeaGlow and OverJam, CERT-UA added. The agency advised limiting the ability of end users to run script.exe, cscript.exe, powershell.exe and mshta.exe.

ThumbChop and LonePage are among a host of new info stealer malware variants discovered by the agency in recent months. The State Service of Special Communications and Information Protection in March said it had investigated 2,194 cyber incidents in 2022. The number of phishing attacks has gone down, the agency reported, although that doesn't eliminate the risk posed by social engineering and individuals "who fall victim to well-crafted phishing emails," the agency said (see: Ukraine Tracks Increased Russian Focus on Cyberespionage).


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.