Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Phishing Campaign Targets Ukraine Govt

August 13, 2024
Reading Time: 2 mins read
in Alerts
Phishing Campaign Targets Ukraine Govt

CERT-UA has issued a critical warning regarding a phishing campaign linked to Russian threat actors, targeting Ukrainian government entities. The campaign, tracked as UAC-0198, has been active since July 2024 and involves attackers impersonating the Security Service of Ukraine (SSU). The phishing emails contain a link to download a file named “Documents.zip,” which, when clicked, triggers a dangerous malware infection. This campaign underscores the ongoing cyber threats facing Ukraine amid heightened geopolitical tensions.

Once the link in the phishing email is clicked, an MSI file is downloaded to the recipient’s computer. When this file is executed, it activates the ANONVNC malware, also known as MESHAGENT, a remote access tool derived from the open-source MeshAgent. This malware allows attackers to gain unauthorized control over the infected systems, enabling them to monitor and manipulate the compromised devices remotely. As of August 12, 2024, CERT-UA reported that over 100 computers within Ukrainian government and local government agencies had been compromised by the malware.

The scope of the attack appears to be expanding, with CERT-UA identifying thousands of malicious EXE and MSI files uploaded to pCloud directories since the beginning of August 2024. These indicators suggest that the campaign could have a broader geographic reach, potentially targeting other sectors or regions. CERT-UA continues to monitor the situation closely, providing updates and additional indicators of compromise to help organizations mitigate the threat.

This latest attack follows a surge in cyber activity by UAC-0006, a financially motivated threat group active since 2013. In May 2024, CERT-UA observed a significant increase in attacks by this group, targeting accountants’ systems in Ukraine to steal credentials and conduct unauthorized fund transfers. UAC-0006 has been distributing the SmokeLoader malware, which acts as a loader for additional malicious payloads, further complicating efforts to protect critical systems. The ongoing cyberattacks highlight the persistent and evolving nature of threats facing Ukraine’s digital infrastructure.

Reference:

  • Russia-Linked Phishing Campaign Targets Ukrainian Government with MESHAGENT
Tags: August 2024CERT-UACyber AlertsCyber Alerts 2024Cyber threatsGovernmentRussiaThreat ActorsUkraine
ADVERTISEMENT

Related Posts

hpingbot Botnet Uses Pastebin C2 Channel

APT36 Targets Indian Defense Linux Systems

July 7, 2025
hpingbot Botnet Uses Pastebin C2 Channel

Hackers Abuse Driver Signing For Malware

July 7, 2025
hpingbot Botnet Uses Pastebin C2 Channel

hpingbot Botnet Uses Pastebin C2 Channel

July 7, 2025
Malicious Firefox Add Ons Steal Crypto Keys

Malicious Firefox Add Ons Steal Crypto Keys

July 4, 2025
Google Removes 352 ‘IconAds’ Fraud Apps

Google Removes 352 ‘IconAds’ Fraud Apps

July 4, 2025
Browser Cache Attack Bypasses Web Security

Browser Cache Attack Bypasses Web Security

July 4, 2025

Latest Alerts

APT36 Targets Indian Defense Linux Systems

hpingbot Botnet Uses Pastebin C2 Channel

Hackers Abuse Driver Signing For Malware

Google Removes 352 ‘IconAds’ Fraud Apps

Malicious Firefox Add Ons Steal Crypto Keys

Browser Cache Attack Bypasses Web Security

Subscribe to our newsletter

    Latest Incidents

    Ransomware Attack Causes Outage at Ingram

    Call of Duty Players Hacked on Game Pass

    RansomHub Claims Theft of Coppell City Data

    Tech Incubator IdeaLab Discloses Data Breach

    Brazil’s CIEE One Exposes 248,000 Records

    McLaughlin & Stern Discloses Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial