On August 12, the Governmental Computer Emergency Response Team of Ukraine (CERT-UA) detected a massive distribution of emails with malware, allegedly sent on behalf of the Security Service of Ukraine.

The emails contain a link that purports to download a file named “Documents.zip”, but clicking it actually downloads an MSI file. Opening that file launches the ANONVNC malware, which gives attackers hidden, unauthorized access to the victim’s computer.

The emails contain a link to download a file named "Документи.zip"; in reality, following the link initiates the download of an MSI file

CERT-UA has already detected more than 100 affected computers, including those of government agencies and local governments. Related cyberattacks have been carried out since at least July 2024 and may have a wider geography: in the directories of the pCloud file service alone, more than a thousand EXE and MSI files have been posted since 08/01/2024 (other indicators not related to the campaign of 08/12/2024 are added to the article).

CERT-UA took immediate measures to reduce the likelihood of the cyber threat being realized.

The State Special Communications Service of Ukraine urges everyone to be especially attentive and to contact CERT-UA immediately in case of suspicious activity.

The post Hackers distribute malware on behalf of the SSU first appeared on HiTechExpert.top.