Network Security, Threat Intelligence, Phishing

Phishing attack campaign against Ukraine thwarted

Phishing email

Ukrainian military entities were targeted in a now-disrupted month-long phishing attack campaign by Russia-linked threat operation FlyingYeti, also known as UAC-0149, that deployed the COOKBOX malware with cmdlet loading and execution capabilities, reports The Hacker News.

Attacks involved the distribution of malicious emails with payment- and debt restructuring-related lures meant to encourage downloads of a Microsoft Word file from a spoofed Kyiv Komunalka website, which verifies an HTTP request to a Cloudflare Worker before fetching a RAR archive file that then exploits the WinRAR flaw, tracked as CVE-2023-38831, to facilitate COOKBOX malware execution, according to a Cloudflare report.

Such findings come amid separate warnings by Ukraine's Computer Emergency Response Team regarding escalating phishing attacks by the UAC-0006 threat group involving SmokeLoader malware deployment, as well as the UAC-0188 threat operation's use of a trojanized Minesweeper game to distribute SuperOps Remote Monitoring and Management software.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds