Russian hackers use a new scheme to “hack” Ukrainians
Russian hackers are using the situation with Kyivstar’s outage to send emails with viruses and malware.
This was reported by the press service of the State Special Communications Service.
Recently, the agency’s specialists discovered a massive email distribution with the subject “debts under the Kyivstar contract” and the attachment “Subscriber’s debt.zip”. The emails were sent from servers located in Malaysia and not related to Kyivstar.
In addition, the service recorded the distribution of letters with the subject “SBU request” and attachments in the form of an archive “Documents.zip.” It contains the password-protected RAR archive “Request.rar” with the executable file “Request.exe”.
In both cases, opening the archive and running the file leads to the infection of the gadget with the RemcosRAT remote access program used by the Russian group UAC-0050.
“This is not the first such attack by the group. Recently, the cybercriminals have been sending out letters about “legal claims” and “debts.” The attack targeted users in Ukraine and Poland,” the State Special Communications Service said.
