The Ukrainian government's IT emergency response team “CERT-UA” has recorded heightened activity from the UAC-0102 hacker group over the past month.
As reported by NBN with reference to the official page of the State Service for Special Communications and Information Protection of Ukraine, the goal of these cybercriminals was to steal the accounts of citizens registered on the national mail service MAIL.UKR.NET. First of all, this concerns stealing the personal information of employees of government agencies, military personnel and employees of domestic enterprises/organizations.
In particular, hackers took advantage of the fact that public mail services do not have the means to perform preliminary verification of emails, as corporate services do — cybercriminals began distributing mailings with attached archives containing HTML files.
After opening such an “attachment,” the recipient is redirected to a web resource that visually imitates the real MAIL.UKR.NET page, but is in fact a phishing site: when entering a login and password, these authentication data are received by the attackers, while a distracting application is downloaded to the victim’s computer.
CERT-UA specialists strongly recommend:
- enable 2-factor authentication on MAIL.UKR.NET;
- do not access public mail services from service devices;
- set up a filter that sends copies of incoming emails to corporate email, which will allow you to conduct a “retrospective analysis” of suspicious emails.
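For the retrospective analysis of forwarded copies, one possible check is to flag messages whose attached archives contain HTML files, the delivery pattern described above. This is an added example, not code from CERT-UA; it assumes ZIP archives only, and the function name, sample addresses and file names are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

HTML_EXTS = (".html", ".htm")

def html_in_zip_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (attachment name, archive member) pairs for HTML files in ZIP attachments."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        # Trust the content, not the declared file name or MIME type.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()  # lists names only; nothing is extracted
        except zipfile.BadZipFile:
            continue
        hits += [(name, m) for m in members if m.lower().endswith(HTML_EXTS)]
    return hits

def _build_sample(member_name: str) -> bytes:
    """Build a constructed test message with one ZIP attachment (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "<html><body>constructed placeholder</body></html>")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="document.zip")
    return msg.as_bytes()

SAMPLE_SUSPICIOUS = _build_sample("invoice.html")  # constructed
SAMPLE_BENIGN = _build_sample("notes.txt")         # constructed

if __name__ == "__main__":
    for label, raw in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(label, html_in_zip_attachments(raw))
```

A hit is a reason to review the message, not proof of phishing; other archive formats would need additional libraries.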
Earlier, we wrote about the State Special Communications Service warning about the spread of a new fraudulent scheme with bank cards in Ukraine.