Russian hackers carrying out new cyberattack on Ukraine using theme of occupied Kherson
The Government Cyber Incident Response Team (CERT-UA), which functions as part of the Cyber Defense center of the State Service of Special Communications and Information Protection of Ukraine, reports that Russian hackers of the UAC-0010 (Armageddon) group are carrying out a cyber attack on Ukraine using the theme of occupied Kherson.
"The government response team to computer emergency events of Ukraine CERT-UA received information about the fact of sending emails with the subject ‘About holding a revenge protest campaign in Kherson!’" containing attachments in the form of a file "Plan Херсон.htm," the message says.
It clarifies that the HTM file provides decoding and creation of a file on the user's computer "Herson.rar ", containing a file-label "Plan of approach and laying of explosives on objects of critical infrastructure of Kherson.lnk".
"The mentioned LNK file, if opened, will ensure the download and launch of the HTA file "precarious.xml ", which will lead to the creation and execution of files ‘desktop.txt’ and ‘user.txt.’ As a result, the GammaLoad.PS1_v2 will be downloaded to the computer.PS1_v2 (a mechanism for taking a screenshot and sending it to the management server has been implemented)," the State Communications Service stressed.