Hackers from Russia send malicious files to collect information about Ukrainians
The State Special Communications Service and the CERT-UA Computer Emergency Response Team have said that hackers are distributing archives with the PseudoSteel virus. Ukrainians receive by mail the files “Information on the losses of servicemen of the Armed Forces of Ukraine.docx.exe” and “Losses-1001.docx”, which contain the file “googleupdate.exe”. When the virus enters the system, it starts searching for text and archive files with the extensions *.txt, *.doc, *.docx, *.pdf, *.xls, *.xlsx, *.ppt, *.pptx, *.odt, *.rtf, *.zip, *.rar and *.7z. It then uploads them to an external FTP server, after which the information becomes available to the hackers.
CERT-UA experts link this attack to the activities of Russian hackers from the UAC-0010 group (Armageddon), which is linked to the FSB.
The head of the State Special Service, Yuri Shchigol, adds that the first cyberwar in the history of mankind is underway and the whole IT society of the world has united against the attempt to destroy our country by Russian troops.
CERT-UA warns that if you suspect that your computer or phone is malfunctioning, or if you detect suspicious files, you should notify [email protected]. Under no circumstances open files of unknown origin or follow questionable links.
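The double-extension lure named in the report (“….docx.exe”) can be caught at a mail gateway or during triage by checking attachment names. The following Python sketch is an added example, not code from CERT-UA; the executable-extension list, the function names and the sample names other than the three taken from the report are assumptions constructed for illustration.

```python
"""Flag attachment names that hide an executable behind a document extension."""
import unicodedata

# Decoy extensions: the document and archive types named in the CERT-UA report.
DECOY_EXT = {"txt", "doc", "docx", "pdf", "xls", "xlsx", "ppt", "pptx",
             "odt", "rtf", "zip", "rar", "7z"}
# Assumption: a typical set of Windows-executable extensions, not from the report.
EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}


def normalize(name: str) -> str:
    """Drop invisible control/format characters and trailing dots or spaces."""
    kept = "".join(c for c in name if unicodedata.category(c) not in ("Cc", "Cf"))
    # Windows ignores trailing dots and spaces, so "setup.exe." still runs.
    return kept.rstrip(". ").lower()


def classify(name: str) -> str:
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Strip each part so padding such as "report.pdf      .scr" is still matched.
    parts = [p.strip() for p in normalize(name).split(".")]
    if len(parts) < 2 or parts[-1] not in EXEC_EXT:
        return "ok"
    # The last extension decides how the file runs; a decoy before it is the lure.
    if len(parts) >= 3 and parts[-2] in DECOY_EXT:
        return "double-extension"
    return "executable"


def triage(names):
    """Map every non-'ok' attachment name to its verdict."""
    verdicts = {n: classify(n) for n in names}
    return {n: v for n, v in verdicts.items() if v != "ok"}


# First three names are from the report; the rest are constructed samples.
SAMPLE = [
    "Information on the losses of servicemen of the Armed Forces of Ukraine.docx.exe",
    "Losses-1001.docx",
    "googleupdate.exe",
    "Report.PDF   .SCR ",
    "meeting-notes.v2.txt",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{verdict:17} {name!r}")
```

A name check like this only covers the lure; a document with an ordinary name, such as “Losses-1001.docx”, passes it and needs content inspection.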