Ukrainians warned of cyber attacks with photos of PoWs from Kursk Oblast

Economichna Pravda — Monday, 19 August 2024, 17:23

CERT-UA, the government computer emergency response team, has observed cyberattacks in which hackers send people emails about prisoners of war from Kursk Oblast, Russia.

Source: press service of State Special Communications Service of Ukraine

Details: These emails include photos of purported prisoners of war and links to the list_kursk.zip archive. The archive contains a .CHM file called "List of PoWs taken out. Kursk".

When you open this file, the SPECTR spyware components are downloaded to your computer, along with FIRMACHAGENT, which is used to upload stolen data to the server.

The attack was carried out by the group UAC-0020 (Vermin), which is affiliated with secret services in temporarily occupied Luhansk, in Ukraine’s east.

CERT-UA recommends that users take the following steps to defend themselves against such cyber threats:

  • To reduce the attack surface, restrict user account permissions by removing them from the Administrators group.
  • Use appropriate policies (SRP/AppLocker) to prevent users from accessing .CHM files and powershell.exe.
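
A mail gateway or triage script can flag archives like the one described above before they reach a user. The following is an added example, not code from CERT-UA or the original article: it lists ZIP members that are CHM files by extension or by the `ITSF` signature that CHM files start with. The function names and sample bytes are constructed for illustration.

```python
import io
import zipfile

CHM_MAGIC = b"ITSF"  # signature at offset 0 of a compiled HTML Help file

def find_chm_members(zip_bytes):
    """Return (member name, reason) for every CHM found in a ZIP archive."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            by_name = info.filename.lower().endswith(".chm")
            try:
                with zf.open(info) as member:
                    by_magic = member.read(len(CHM_MAGIC)) == CHM_MAGIC
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                # Encrypted or unreadable member: content cannot be checked
                by_magic = False
            if by_name and by_magic:
                hits.append((info.filename, "extension+signature"))
            elif by_magic:
                hits.append((info.filename, "signature only (renamed)"))
            elif by_name:
                hits.append((info.filename, "extension only"))
    return hits

def build_sample_zip(members):
    """Build an in-memory ZIP from {name: bytes}; constructed test data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample: harmless bytes that carry only the CHM signature.
SAMPLE = build_sample_zip({
    "list.chm": CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 16,
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "readme.txt": CHM_MAGIC + b"\x00" * 20,  # CHM renamed to .txt
})

if __name__ == "__main__":
    for name, reason in find_chm_members(SAMPLE):
        print(f"{name}: {reason}")
```

Checking the signature as well as the extension catches a CHM that has been renamed inside the archive, which an extension-only filter would miss.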

"If you suspect you have been a victim of a cyber attack, please contact CERT-UA immediately," the press service stated.

Background: 

  • On the evening of 16 August, a major DDoS attack was launched on monobank, one of Ukraine’s largest banks.
  • During the third consecutive day of cyber attacks, the financial institution received around 5.5 billion malicious requests.
  • The attack eventually came to an end after three days.
  • "In just three days, we received over 7.5 billion requests for our services. We never slowed down or stopped providing customer service," monobank’s CEO Oleh Horokhovskyi remarked.
