The governmental emergency response team of Ukraine CERT-UA, operating under the State Service for Special Communications and Information Protection, warns of a mass mailing of dangerous emails with the subject line "LIST of links to interactive maps."

"Mailing lists are carried out, in particular, among Ukrainian media organizations (radio stations, newspapers, news agencies, and others). More than 500 recipient addresses have been identified. Emails contain an attachment in the form of a LIST of links to interactive maps.docx document, the opening of which may result in the download of the CrescentImp malware," the CERT-UA said on its website on Friday evening, June 10.

Experts warn that attackers are increasingly resorting to sending emails to compromised government email addresses.

The hacking activity is tracked by UAC-0113 (medium confidence associated with the Sandworm group).

This group was involved in organizing a large-scale hacker attack on the energy sector of Ukraine in April 2022.