Ukraine Warns Against Cyberespionage Campaign
State Agencies and Media Organizations Among the Victims
Ukrainian cyber defenders say they've identified a cyberespionage campaign active since mid-2022 that gained unauthorized access to "several dozen" computers.
Volodymyr Kondrashov, spokesperson for Ukraine's State Service of Special Communications and Information Protection tweeted Tuesday the campaign targets Microsoft Windows machines used by government agencies and media organizations.
The Computer Emergency Response Team of Ukraine said in a Monday alert that the campaign uses phishing emails and text messages to distribute malicious HTML applications, executables, file archives and Windows shortcuts, in a bid to get victims to download malware that CERT-UA dubs LonePage.
The malware is a PowerShell script that contacts a command-and-control server to download a file named upgrade.txt, which executes the script's commands and exfiltrates data over HTTP.
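The pattern described above, a scripted host fetching a text payload from a remote server and then sending data back to the same server over HTTP, is something a defender can look for in proxy or egress logs. The following is an added example, not code or log data from CERT-UA or the article: it parses a handful of constructed proxy log lines in a hypothetical "timestamp host process method url bytes" format and flags a host when a script interpreter (assumed here to be powershell.exe, pwsh.exe or mshta.exe) downloads a .txt file and then POSTs to the same domain within a short window. The domains and hostnames are invented placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample proxy log lines (hypothetical format:
# "<ISO timestamp> <host> <process> <GET|POST> <url> <bytes>").
# WS01 shows the stager-then-exfil pattern; WS02 is a browser fetching a .txt
# file (benign); WS03 has a scripted .txt download with no follow-up POST in time.
SAMPLE_LOGS = [
    "2023-05-23T10:00:01 WS01 powershell.exe GET http://c2.example.invalid/upgrade.txt 512",
    "2023-05-23T10:00:04 WS01 powershell.exe POST http://c2.example.invalid/ 20480",
    "2023-05-23T10:02:00 WS02 chrome.exe GET https://news.example.org/story.txt 1024",
    "2023-05-23T10:05:00 WS03 powershell.exe GET https://updates.example.net/release.txt 300",
    "2023-05-23T11:30:00 WS03 powershell.exe POST https://updates.example.net/ 100",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+) (?P<method>GET|POST) (?P<url>\S+) (?P<bytes>\d+)$"
)

# Assumed set of script interpreters worth watching for outbound HTTP.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe"}


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    url = urlparse(d["url"])
    return {
        "ts": datetime.fromisoformat(d["ts"]),
        "host": d["host"],
        "proc": d["proc"].lower(),
        "method": d["method"],
        "domain": url.netloc,
        "path": url.path,
        "bytes": int(d["bytes"]),
    }


def find_stager_exfil(lines, window=timedelta(minutes=10)):
    """Return alerts for (host, domain) pairs where a script interpreter fetched a
    .txt file and then POSTed to the same domain within `window`."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])

    # Group events per (client host, destination domain) so the GET and the
    # later POST are compared against the same remote server.
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["host"], e["domain"])].append(e)

    alerts = []
    for (host, domain), evs in by_pair.items():
        pending = None  # timestamp of the most recent scripted .txt download
        for e in evs:
            if e["proc"] not in SCRIPT_HOSTS:
                continue
            if e["method"] == "GET" and e["path"].lower().endswith(".txt"):
                pending = e["ts"]
            elif e["method"] == "POST" and pending is not None and e["ts"] - pending <= window:
                alerts.append({"host": host, "domain": domain, "posted_bytes": e["bytes"]})
                pending = None
    return alerts


if __name__ == "__main__":
    for alert in find_stager_exfil(SAMPLE_LOGS):
        print(f"{alert['host']}: scripted .txt fetch then {alert['posted_bytes']} bytes POSTed to {alert['domain']}")
```

The window and the interpreter list are tuning knobs; a real deployment would also want the request size, user agent and TLS details that a proxy records, and would treat a single hit as a lead for triage rather than a confirmed compromise.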
The malicious code also downloads an info stealer for the Chrome and Opera browsers that CERT-UA calls ThumbChop. Hackers behind the campaign might also install the Tor browser or Secure Shell on victims' desktops, "creating prerequisites for interactive unauthorized remote access to a computer."
In addition to the keylogger and info stealer, the hackers are also deploying additional malware variants dubbed SeaGlow and OverJam, CERT-UA added. The agency advised limiting the ability of end users to run
ThumbChop and LonePage are among a host of new info stealer malware variants discovered by the agency in recent months. The State Service of Special Communications and Information Protection said in March that it had investigated 2,194 cyber incidents in 2022. The number of phishing attacks has gone down, the agency reported, although that does not eliminate the risk posed by social engineering and individuals "who fall victim to well-crafted phishing emails" (see: Ukraine Tracks Increased Russian Focus on Cyberespionage).