According to Ukrinform, the CERT-UA government team announced it on Facebook.

“Ukraine’s Computer Emergency Response Government Team CERT-UA received information from a participant in the exchange of information on the mass distribution of e-mails, especially among Ukrainian media outlets (radio stations, newspapers, news agencies and others) on the topic” Link to interactive maps LIST ». More than 500 email addresses of recipients have been identified,” he said.

It is stated in the attachment that the letter contains the document “LIST_of_links_interactive_maps.docx”, opening this document will load the HTML file and run the JavaScript code, which will enable the EXE file to be downloaded and executed. “2.txt” classified as CrescentImp malware.

Experts state that attackers continue to exploit the CVE-2022-30190 vulnerability, and government agencies are increasingly resorting to emails from compromised email addresses.

“If signs of deterioration are detected in the given indicators, please inform immediately. The activity is monitored by UAC-0113 (with an average level of confidence associated with the Sandworm group) “, – said in a statement.

As Ukrinform reported, more than 3,000 mobile operator base stations in Ukraine were completely or partially shut down, and more than 20% of the telecommunications infrastructure was damaged or destroyed as a result of the Russian Federation’s military offensive against Ukraine.