13:39 18.07.2024

Hackers using UAV procurement for cyberattacks on defense enterprises – Special Communications Service


Ukraine's government computer emergency response team, CERT-UA, which operates under the State Service for Special Communications and Information Protection, has recorded new cyberattacks against Ukrainian defense enterprises in which the subject of UAV procurement is used.

"For their purposes, hackers use several types of malicious software and can pose as government officials to increase trust," the Service said on the Telegram channel.

According to the State Special Communications Service, to install malicious software, attackers send an email with an attachment in the form of a ZIP file that contains a PDF document with a link. The victim is asked to follow a link to supposedly "download the missing fonts."

Next, when the victim follows the link, the file "adobe_acrobat_fonts_pack.exe" is downloaded to the computer. It is actually the GLUEEGG malicious program, designed to decrypt and launch the DROPCLUE loader.

DROPCLUE downloads and opens two files on the computer: a decoy PDF file and an EXE file, "font-pack-pdf-windows-64-bit", which ultimately downloads and installs the legitimate ATERA remote control program.

As a result, hackers are able to gain unauthorized access to the victim's computer.
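
The delivery pattern described above (a ZIP attachment holding a PDF whose link leads to an executable) can be checked for at a mail gateway or during triage. The following is an added example, not code from CERT-UA or the original article; the host names, the sample archive, the size limit and the extension list are constructed assumptions, and links stored inside compressed PDF object streams are not seen by this simple scan.

```python
import io
import re
import zipfile
from urllib.parse import urlparse

EXECUTABLE_EXTS = (".exe", ".msi", ".scr", ".bat", ".cmd", ".lnk")  # assumed list
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # skip oversized members (zip-bomb guard)
# "/URI (...)" link actions; only visible in uncompressed PDF objects.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")


def pdf_links(pdf_bytes):
    """Return URLs from /URI actions, with PDF string escapes such as "\\(" undone."""
    return [re.sub(rb"\\(.)", rb"\1", raw).decode("latin-1")
            for raw in URI_RE.findall(pdf_bytes)]


def triage_zip(zip_bytes):
    """List (pdf_name, url) pairs where a PDF inside the ZIP links to an executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            data = archive.read(info)
            if not data.startswith(b"%PDF-"):  # identify by magic bytes, not extension
                continue
            for url in pdf_links(data):
                if urlparse(url).path.lower().endswith(EXECUTABLE_EXTS):
                    findings.append((info.filename, url))
    return findings


def build_sample_zip():
    """Constructed sample: a ZIP with one minimal PDF-like file carrying two links."""
    pdf = (b"%PDF-1.7\n"
           b"1 0 obj << /A << /S /URI /URI "
           b"(https://files.example.invalid/adobe_acrobat_fonts_pack.exe) >> >> endobj\n"
           b"2 0 obj << /A << /S /URI /URI (https://www.example.invalid/terms.html) >> >> endobj\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("request.pdf", pdf)
        archive.writestr("readme.txt", b"plain text, ignored")
    return buf.getvalue()


if __name__ == "__main__":
    for name, url in triage_zip(build_sample_zip()):
        print(f"{name}: links to executable {url}")
```

A hit is a reason to quarantine the message for review rather than proof of compromise, since legitimate PDFs occasionally link to installers.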

"Enemy activity is tracked using the UAC-0180 identifier. This group actively attacks employees of defense enterprises and the Ukrainian Defense Forces, constantly updating the arsenal of various malicious programs, but their malicious activities are not limited to Ukraine," the State Special Communications Service notes.
