Ukraine's government agencies had their computer systems targeted by novel threat operation UAC-0154 in a phishing campaign delivering the open-source MerlinAgent malware, reports The Record, a news site by cybersecurity firm Recorded Future.
Malicious emails purporting to be from Ukraine's Computer Emergency Response Team with attachments facilitating MerlinAgent tool infections have been sent by attackers earlier this month, according to CERT-UA. MerlinAgent, which was already leveraged in attacks against Ukrainian government entities last month, was found to be a remote access tool that also enables file downloads or deletions, as well as command execution.
While MerlinAgent, which had its open-source code posted by GitHub user Russel Van Tuyl, was noted in its developer's note to be meant for authorized testing and research purposes, malicious utilization of the tool has ensued amid the ongoing Russia-Ukraine war.
Other offensive security tools have also been leveraged by both parties in their respective attacks.