Ukrainian military entities were targeted in a now-disrupted month-long phishing attack campaign by Russia-linked threat operation FlyingYeti, also known as UAC-0149, that deployed the COOKBOX malware with cmdlet loading and execution capabilities, reports The Hacker News.

Attacks involved the distribution of malicious emails with payment- and debt restructuring-related lures meant to encourage downloads of a Microsoft Word file from a spoofed Kyiv Komunalka website, which verifies an HTTP request to a Cloudflare Worker before fetching a RAR archive file that then exploits the WinRAR flaw, tracked as CVE-2023-38831, to facilitate COOKBOX malware execution, according to a Cloudflare report.

Such findings come amid separate warnings by Ukraine's Computer Emergency Response Team regarding escalating phishing attacks by the UAC-0006 threat group involving SmokeLoader malware deployment, as well as the UAC-0188 threat operation's use of a trojanized Minesweeper game to distribute SuperOps Remote Monitoring and Management software.
Network Security, Threat Intelligence, Phishing
Phishing attack campaign against Ukraine thwarted
