Phishing attack campaign against Ukraine thwarted | SC Media

Ukrainian military entities were targeted in a now-disrupted month-long phishing attack campaign by Russia-linked threat operation FlyingYeti, also known as UAC-0149, that deployed the COOKBOX malware with cmdlet loading and execution capabilities, reports The Hacker News.

Attacks involved the distribution of malicious emails with payment- and debt restructuring-related lures meant to encourage downloads of a Microsoft Word file from a spoofed Kyiv Komunalka website. The website verifies an HTTP request to a Cloudflare Worker before fetching a RAR archive file, which then exploits the WinRAR flaw tracked as CVE-2023-38831 to facilitate COOKBOX malware execution, according to a Cloudflare report.

Such findings come amid separate warnings by Ukraine’s Computer Emergency Response Team regarding escalating phishing attacks by the UAC-0006 threat group involving SmokeLoader malware deployment, as well as the UAC-0188 threat operation’s use of a trojanized Minesweeper game to distribute SuperOps Remote Monitoring and Management software.

This post was originally published on the 3rd party site mentioned in the title of this site.
