Remcos RAT attacks Ukraine: Hackers disguise phishing emails as SBU requests


Another wave of cyber attacks affects the country's state institutions.

A new cyberattack on Ukrainian government agencies was carried out using Remcos, a remote access tool that is painfully familiar in research circles.

Remcos, developed by the German company Breaking Security, is a powerful remote access tool (RAT). It is advertised as a legitimate administrative tool, but hackers can use it to take full control of infected systems.

In a recent malware campaign, hackers reportedly sent phishing emails that purported to come from the Security Service of Ukraine (SBU) and carried Remcos RAT attachments disguised as PDF files.

The fake emails contained demands to provide information allegedly important for the "national security" of the country, as well as the aforementioned malware. In the text of the letter, hackers warned their victims that if the recipients did not provide the necessary information within the specified time limit, they would be held accountable. This is a social engineering tactic often used by attackers to make the victim worry and lower their guard.

The UAC-0050 group, which has been active since 2020, is responsible for this malicious operation. It targets not only Ukraine, but also Russia and the Baltic states. In February, the group twice attacked Ukrainian state agencies using the Remcos spyware. In one case, hackers sent phishing emails, passing them off as official requests from the Kiev court. The purpose of the hackers' latest campaign is not known for certain, but, according to experts, it is most likely simple espionage.

Remcos RAT not only provides remote access, but can also collect data from target devices, including computer information and personal data of users. The program can bypass antivirus protection by working as a legitimate process in Windows, so it is often used by hackers for cyber espionage.

In the current geopolitical environment, such cyber attacks once again remind us to remain calm and vigilant, carefully analyzing all information before performing any actions. Attackers can deliberately pressure their victims, emphasizing the urgency of what is happening, but in reality this is just a clever trick to get valuable information.