On Aug. 12, Ukraine’s Computer Emergency Response Team (CERT-UA) discovered a mass distribution of emails carrying malicious software posing as the country’s Security Service (SSU).
The emails contain a link to download a file called “Document.zip” that, once clicked on, triggers a download of the MSI-file. This file launches a malware called ANONVNC that, when opened, allows attackers to gain unauthorized access to a victim’s device.
CERT-UA has identified more than 100 affected devices within central and local government bodies and urges everyone to be cautious and attentive. It recommends that users contact CERT-UA if suspicious of any activity.
The activity is tracked as UAC-0198, and CERT-UA is taking measure to mitigate the threat.