The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert warning of cyber attacks against state authorities in the country that deploy a legitimate remote access software named Remcos.
The mass phishing campaign has been attributed to a threat actor it tracks as UAC-0050, with the agency describing the activity as likely motivated by espionage given the toolset employed.
The bogus emails that kick-start the infection sequence claim to be from Ukrainian telecom company Ukrtelecom and come bearing a decoy RAR archive. Of the two files inside the archive, one is a password-protected RAR archive that is over 600MB and the other is a text file containing the password to open the RAR file.
Embedded within the second RAR archive is an executable that leads to the installation of the Remcos remote access software, granting the attacker full access to commandeer compromised computers.
Remcos, short for remote control and surveillance software, is offered by BreakingSecurity either for free or as a premium version that costs anywhere between €58 and €945.
The Italian company calls it a “lightweight, fast and highly customizable Remote Administration Tool with a wide array of functionalities.”
The latest CERT-UA advisory comes as the State Cyber Protection Centre (SCPC) of Ukraine pointed fingers at a Russian state-sponsored threat actor known as Gamaredon for its targeted attacks aimed at public authorities and critical information infrastructure.