
Hackers attack government institutions and send letters to Ukrainians from hacked mailboxes

  • July 11, 2022

What is known about the new hacker attack

Hackers are sending e-mails with dangerous content from compromised mailboxes of government agencies. A characteristic feature of these letters is the subject line “Joint official report on the humanitarian situation. Ukraine”.

An XLS file named “Ukraine’s humanitarian disaster since February 24, 2022” was attached to the email. XLS is the extension used by Microsoft Excel spreadsheet documents.

What harm can a dangerous file do?

This document contains macros that cause baseupd.exe to run. This infects the computer with the Cobalt Strike Beacon malware.

Cobalt Strike is a commercial tool focused on exploitation and post-exploitation, created for pentesters and red teams (experts involved in the security assessment of computer systems). Unfortunately, this program has been used by hackers for attacks for some time. It is worth noting that Cobalt Strike is not available to ordinary small-time hackers, but is often used by government APT groups (hacker units that constantly pose a serious threat to an enemy or target).

The price to install Cobalt Strike reaches $3,500.

How to protect yourself from a cyber attack

If you notice a letter in your mailbox with the above-mentioned subject and filename, do not download or open the document under any circumstances. It is best to delete it from your mailbox right away so that you do not come across it again by accident.

In addition, CERT-UA strongly recommends that government agencies introduce multi-factor authentication for email.
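For mail administrators, the check below is an added example (not code from CERT-UA or the original article) of triaging a raw message for a legacy Excel attachment that carries a VBA macro project, without opening the file. The subject string is the article's rendering, and the sample addresses, filename and attachment bytes are constructed for the demonstration.

```python
import email
from email import policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy Office (OLE2) file header
# Excel keeps VBA in the "_VBA_PROJECT_CUR" storage; OLE directory names are UTF-16LE.
VBA_STORAGE = "_VBA_PROJECT_CUR".encode("utf-16-le")
LEGACY_EXCEL = (".xls", ".xlt", ".xla")
# Subject as rendered in this article; the wording in real messages may differ.
WATCH_SUBJECTS = ("Joint official report on the humanitarian situation. Ukraine",)

def has_vba_storage(data: bytes) -> bool:
    """Heuristic: an OLE2 file whose directory names a VBA project storage."""
    return data.startswith(OLE_MAGIC) and VBA_STORAGE in data

def triage(raw: bytes, watch_subjects=WATCH_SUBJECTS) -> dict:
    """Inspect one raw RFC 5322 message without opening any attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").lower()
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(LEGACY_EXCEL) and has_vba_storage(data):
            flagged.append(name)
    return {
        "subject_match": any(s.lower() in subject for s in watch_subjects),
        "macro_attachments": flagged,
        # A trusted sender is no reason to skip: these letters came from real mailboxes.
        "quarantine": bool(flagged),
    }

def build_sample(with_macro: bool) -> bytes:
    """Constructed test message; the attachment is stand-in bytes, not a real workbook."""
    body = OLE_MAGIC + b"\x00" * 64 + (VBA_STORAGE if with_macro else b"") + b"\x00" * 64
    msg = EmailMessage()
    msg["From"] = "clerk@agency.example"
    msg["To"] = "user@agency.example"
    msg["Subject"] = WATCH_SUBJECTS[0]
    msg.set_content("See attached.")
    msg.add_attachment(body, maintype="application", subtype="vnd.ms-excel",
                       filename="sample-report.xls")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample(True)))
    print(triage(build_sample(False)))
```

The quarantine decision rests on the macro-bearing attachment alone; the subject match is reported separately because a lure's subject line is easy to change.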

Who is behind the hacker attack?

Based on the tactics used, CERT-UA associates the attack with the group UAC-0056.

Department experts are reportedly taking measures to establish the circumstances of the e-mail account compromise and to block the malicious program’s command-and-control server.

Who is UAC-0056?

This is a hacking group also tracked as UNC2589 (Mandiant) and TA471 (Proofpoint). The same hackers are believed to have been involved in the WhisperGate incidents in early January 2022.

That was a cyber attack on Ukraine’s state institutions that involved the destruction of data. According to the analysis, the hackers may have created the infrastructure for the GrimPlant and GraphSteel campaign, which began in December 2021.

Source: 24 Tv
