



The notorious Cobalt Strike Beacon malware has been actively distributed by multiple hacking collectives in spring 2022 as part of the ongoing cyber war against Ukraine, mainly leveraged in targeted phishing attacks on Ukrainian state bodies. On July 6, 2022, CERT-UA released an alert warning of a new malicious email campaign targeting Ukrainian government entities. The ongoing cyber-attack involves the mass distribution of emails with a lure subject and an XLS file attachment containing a malicious macro that leads to a Cobalt Strike Beacon infection on the compromised system.

Cobalt Strike Beacon Distribution: CERT-UA Details the Latest UAC-0056 Attack Against Ukraine

Earlier, in March 2022, CERT-UA researchers observed the activity of the UAC-0056 hacking group spreading Cobalt Strike Beacon along with other malware strains in a phishing campaign against Ukrainian government entities. The latest cyber-attack reported by CERT-UA shares similarities with the previous incident, leveraging the same attack vector and applying identical behavior patterns that can be attributed to the activity of the UAC-0056 group. The attack kill chain starts with a phishing email containing military-related lures and having a malicious XLS document attached. If the user is tricked into opening the document and enabling the embedded macro, a malicious “write.exe” file is executed on the infected instance.
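A detection sketch for the kill chain described above, added here as an example and not taken from the CERT-UA alert or the original article: it triages Sysmon-style process-creation events for a write.exe that runs outside the Windows system directories or is started by Excel. The field names follow Sysmon Event ID 1; the default SystemRoot, the Excel-parent heuristic and the sample events are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any analysis host

# Assumption: default SystemRoot. The genuine WordPad launcher lives here.
LEGIT_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
# The lure on this page is an XLS document, so Excel is the parent of interest.
OFFICE_PARENTS = {"excel.exe"}


def triage(event):
    """Return the reasons a process-creation event matches the described chain."""
    image = ntpath.normcase(event.get("Image", ""))
    parent = ntpath.normcase(event.get("ParentImage", ""))
    if ntpath.basename(image) != "write.exe":
        return []
    reasons = []
    if ntpath.dirname(image) not in LEGIT_DIRS:
        reasons.append("write.exe outside Windows system directories")
    if ntpath.basename(parent) in OFFICE_PARENTS:
        reasons.append("write.exe started by Excel")
    return reasons


def hunt(events):
    """Return (image path, reasons) for every event with at least one hit."""
    return [(e["Image"], r) for e in events if (r := triage(e))]


# Constructed sample events (not indicators from the campaign).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\write.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Users\Public\write.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"Image": r"C:\WINDOWS\system32\write.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
]

if __name__ == "__main__":
    for image, reasons in hunt(SAMPLE_EVENTS):
        print(image, "->", "; ".join(reasons))
```

Either reason alone is worth an analyst's look; both together on one event match the macro-to-write.exe step most closely.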
