Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

New Vermin Linked Phishing Campaign Unveiled

August 21, 2024
Reading Time: 2 mins read
in Alerts
New Vermin Linked Phishing Campaign Unveiled

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a new alert regarding a phishing campaign linked to the threat actor UAC-0020, commonly known as Vermin. The campaign leverages emotionally charged content, specifically photos of alleged prisoners of war (PoWs) from the Kursk region, to entice recipients into clicking a malicious link. The link directs victims to a ZIP archive that contains a Microsoft Compiled HTML Help (CHM) file. Once opened, the file executes a JavaScript code that triggers an obfuscated PowerShell script, initiating the malware infection process.

The attack installs two key components: the well-known spyware SPECTR and a newly identified malware strain called FIRMACHAGENT. SPECTR, which has been associated with Vermin since 2019, is a sophisticated tool designed to steal a wide range of sensitive information, including files, screenshots, credentials, and data from messaging apps such as Element, Signal, Skype, and Telegram. FIRMACHAGENT, on the other hand, plays a supporting role by retrieving the stolen data and transmitting it to a remote server controlled by the attackers.

Vermin’s activities have raised significant concerns due to its suspected links to the security agencies of the Luhansk People’s Republic (LPR). The group has been involved in numerous cyberattacks targeting Ukrainian entities, particularly in the context of the ongoing conflict in the region. Earlier in June 2024, CERT-UA detailed another Vermin-led campaign known as SickSync, which also deployed SPECTR to target Ukrainian defense forces.

The latest phishing campaign underscores the continued evolution and persistence of Vermin’s tactics, techniques, and procedures (TTPs). CERT-UA’s alert serves as a critical reminder for organizations and individuals to remain vigilant, particularly when encountering unsolicited emails with sensitive or provocative content. Enhanced security measures and awareness are crucial in defending against such sophisticated cyber threats.

Reference:

  • Computer Emergency Response Team of Ukraine Warns of New Vermin Phishing Campaign
Tags: August 2024CERT-UAComputer Emergency Response TeamCyber AlertsCyber Alerts 2024Cyber threatsKursk regionMicrosoftPhishingUAC-0020UkraineVermin
ADVERTISEMENT

Related Posts

Open VSX Flaw Allowed Extension Hijacks

Open VSX Flaw Allowed Extension Hijacks

June 27, 2025
Open VSX Flaw Allowed Extension Hijacks

nOAuth Flaw Allows Easy Account Takeover

June 27, 2025
Open VSX Flaw Allowed Extension Hijacks

Unpatchable Flaw In Hundreds Of Printers

June 27, 2025
New Malware Uses Prompts To Trick AI Tools

Fake Job Offers Hide North Korean Malware

June 26, 2025
New Malware Uses Prompts To Trick AI Tools

New Malware Uses Prompts To Trick AI Tools

June 26, 2025
New Malware Uses Prompts To Trick AI Tools

New Zero Day Flaw Hits Citrix NetScaler

June 26, 2025

Latest Alerts

nOAuth Flaw Allows Easy Account Takeover

Unpatchable Flaw In Hundreds Of Printers

Open VSX Flaw Allowed Extension Hijacks

Fake Job Offers Hide North Korean Malware

New Malware Uses Prompts To Trick AI Tools

New Zero Day Flaw Hits Citrix NetScaler

Subscribe to our newsletter

    Latest Incidents

    Hawaiian Airlines Hit By Cyberattack

    Qilin Ransomware Gang Hacks Estes Freight

    Generali Customer Data Exposed In Hack

    Resupply DeFi Protocol Hacked For $9.6M

    Cyberattack Hits South Tyrol Emergency Ops

    UK’s Glasgow City Council Hit By Cyberattack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial