Олександр Кузьменко, That's Life
20 January 2025, 15:48
Cyber experts from CERT-UA warned that attackers are using the name of their unit to access computers through the AnyDesk program
The CERT-UA cyber incident response team (a specialized unit of the State Special Communications Service) reported that unknown attackers, acting in the name of «CERT.UA», were sending connection requests via the AnyDesk remote support program. They claimed to be conducting a «security audit to check the level of protection.»
«It is important to emphasize that CERT-UA, under certain circumstances, can indeed use software tools for remote access, including AnyDesk. However, such actions are performed only after prior agreement with the owners of cyber defense facilities through officially approved communication channels,» cyber experts at the State Service for Special Communications reported.
According to them, this activity is not part of CERT-UA's work and is «another attempt by attackers to apply social engineering methods, in particular, manipulation of trust and use of authority.»
CERT-UA explained that such an attack can only be carried out if the attackers have the victim’s AnyDesk ID and the AnyDesk program is installed and active on the victim’s computer.
«This may indicate previous compromised access to AnyDesk credentials, for example, through other computers previously used for authorized remote access,» cyber experts believe.
They gave some tips on how to avoid this type of threat:
remote access programs, such as AnyDesk, should be enabled only for the duration of the session in which they are used;
remote access work must be coordinated in person through existing official communication channels;
if suspicious activity or anomalies are detected, immediately notify cyber security units and, if necessary, CERT-UA for rapid response.
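The first two tips can be checked mechanically by comparing endpoint observations against the list of sessions agreed in advance. The following is an added example, not code from CERT-UA or from this article; the host names, field names and sample records are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data (not from the article): sessions agreed in advance
# through an official channel, e.g. exported from a ticketing system.
AGREED_SESSIONS = [
    {"host": "ws-014", "start": "2025-01-20T10:00", "end": "2025-01-20T11:00"},
]

# Constructed endpoint observations: was AnyDesk active on the host, and did
# an incoming connection request arrive at that moment?
OBSERVATIONS = [
    {"host": "ws-014", "time": "2025-01-20T10:30", "anydesk_active": True, "incoming_request": True},
    {"host": "ws-014", "time": "2025-01-20T15:48", "anydesk_active": True, "incoming_request": False},
    {"host": "ws-022", "time": "2025-01-20T09:12", "anydesk_active": True, "incoming_request": True},
    {"host": "ws-031", "time": "2025-01-20T09:12", "anydesk_active": False, "incoming_request": False},
]


def in_agreed_session(host, when, sessions):
    """True if `when` falls inside a session agreed for this host."""
    for s in sessions:
        if s["host"] != host:
            continue
        if datetime.fromisoformat(s["start"]) <= when <= datetime.fromisoformat(s["end"]):
            return True
    return False


def audit(observations, sessions):
    """Return (host, time, finding) tuples for hosts that break the tips."""
    findings = []
    for o in observations:
        if not o["anydesk_active"]:
            continue  # AnyDesk is not active, so a request cannot reach this host
        when = datetime.fromisoformat(o["time"])
        if in_agreed_session(o["host"], when, sessions):
            continue  # active during a session agreed through official channels
        if o["incoming_request"]:
            findings.append((o["host"], o["time"], "unsolicited connection request: reject and report"))
        else:
            findings.append((o["host"], o["time"], "AnyDesk left active outside an agreed session: disable"))
    return findings


if __name__ == "__main__":
    for host, time, finding in audit(OBSERVATIONS, AGREED_SESSIONS):
        print(f"{time}  {host}  {finding}")
```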