Hackers are impersonating Ukrainian drone manufacturers and state agencies to infect targeted systems with information-stealing malware, according to new government research. The targets of these attacks include Ukraine’s armed forces, law enforcement agencies and local government bodies — especially those near the country’s eastern border, which is close to Russia. To infect their targets, the hackers sent emails with malicious document attachments from compromised accounts, including webmail. Researchers have not provided many details about the attacks but have included examples of phishing emails, including one that lists pictures of drones allegedly offered for sale and another that looks like a schedule for demining in one of Ukraine’s cities.

CERT-UA recently reported discovering at least three cyberattacks in March targeting Ukrainian government agencies and critical infrastructure with new spying malware dubbed Wrecksteel. In that campaign, the hackers used compromised accounts to send messages containing links to public file-sharing services, such as DropMeFiles and Google Drive. Ukraine’s computer emergency response team (CERT-UA), which has been tracking this activity since February, has not attributed the campaign to any known hacker group. The file names or subject lines of these emails often referenced topics like landmine clearance, administrative fines, drone production, or compensation for destroyed property. When opened, the links executed a PowerShell script, enabling attackers to extract text documents, PDFs, images and presentations, as well as take screenshots from infected devices.

The second, named GiftedCrook, is designed to steal browser data — such as cookies, history, and saved passwords — from Chrome, Edge and Firefox.
This Cyber News was published on therecord.media. Publication date: Mon, 07 Apr 2025 16:50:13 +0000