Hackers impersonate Ukraine’s CERT to trick people into allowing computer access

Ukrainian researchers have identified a new cyber campaign in which attackers posed as tech support from Ukraine’s computer emergency response team (CERT-UA) to gain unauthorized access to victims’ devices.

The intruders used AnyDesk, a legitimate remote desktop application, to establish remote access to victims' computers over the internet, according to CERT-UA’s latest report.

The hackers, whose identities remain unknown, sent connection requests via AnyDesk, claiming they were conducting a “security audit.”

CERT-UA confirmed that, in certain cases, it may use remote access tools like AnyDesk to assist victims in responding to cybersecurity incidents. However, this is done only “with prior agreement and through pre-approved communication channels,” the agency said.

“The attackers are once again using social engineering tactics that rely on trust and exploit authority,” researchers added.

CERT-UA didn’t provide many details about this campaign or the threat actor behind it, but stated that it is likely the victim’s AnyDesk identifier was previously compromised, including on other computers where such remote access was once authorized.

Hackers, mostly affiliated with Russia, often disguise themselves as Ukrainian state agencies or impersonate official apps and websites to compromise their victims.

In a campaign in December, the Russian state-sponsored threat actor Sandworm targeted Ukrainian soldiers through fraudulent websites that mimicked the official page of a Ukrainian military app.

Earlier last month, suspected Russian hackers targeted Ukrainian military and defense enterprises with phishing emails disguised as invitations to a legitimate defense conference in Kyiv.

The number of cyberattacks targeting Ukraine is growing, according to the latest data. Over the past year, CERT-UA detected more than 4,300 cyber incidents, an increase of nearly 70% compared to the previous year.

The vast majority of incidents involved the spread of malicious software, intrusion attempts and information gathering. The primary initial vector for attacks was the use of compromised accounts and the distribution of malware via email, researchers said.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
