CERT-UA Alerts to New Phishing Attacks Linked to Vermin Using PoW Bait

The Computer Emergency Response Team of Ukraine (CERT-UA) has detected new phishing efforts that aim to infect devices with malware.

New phishing attempts that seek to infect devices with malware have been alerted to by the Computer Emergency Response Team of Ukraine (CERT-UA). The behavior has been linked to UAC-0020, commonly known as Vermin, a threat cluster that it tracks. We don’t yet know the precise size and reach of the strikes. Phishing emails, including images of purported prisoners of war (PoWs) from the Kursk region, are the first step in the attack chain. The communications ask the target to click on a link that leads to a ZIP file. An obfuscated PowerShell script is launched by JavaScript code embedded in a Microsoft Compiled HTML Help (CHM) file found in the ZIP file.

CERT-UA stated that opening the file installs both the new malware known as FIRMACHAGENT and components of the known spyware known as SPECTR. “The purpose of FIRMACHAGENT is to retrieve the data stolen by SPECTR and send it to a remote management server.” Since 2019, the malware known as SPECTR has been connected to Vermin.

The gang is thought to have ties to the Luhansk People’s Republic’s (LPR) security services. CERT-UA published a report earlier in June that described SickSync, another campaign run by the Vermin actors that used SPECTR to target the nation’s defense forces. A feature-rich tool called SPECTR is made to gather a variety of data from several instant messaging apps, such as Element, Signal, Skype, and Telegram, including files, screenshots, credentials, and more.

Also read: At Jar, we’ve leveraged cutting-edge technology to enhance our platform’s efficiency and user-friendliness, says Nishchay Ag, Co-founder and CEO of Jar

Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter 

About us:

CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.

CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.