Experts from the State Special Communications Service are warning developers of innovations in the military sector, as well as military personnel, law enforcement officers, and employees of local governments, especially those located along the country’s eastern border, about the intensification of cyberattacks.
Experts from the State Special Communications Service are warning developers of innovations in the military sector, as well as military personnel, law enforcement officers, and employees of local governments, especially those located along the country’s eastern border, about the intensification of cyberattacks.
The Ukrainian government’s computer emergency response team CERT-UA reports that attackers are sending emails from compromised accounts, including through a web interface.
The letter from cybercriminals contains attachments in the form of XLS documents with macros (extension «.xlsm»). The names/topics of the malicious attachments are disguised as issues of demining the territory, administrative fines, UAV production, compensation for destroyed property, etc. The «malware» is contained in the form of base64-encoded strings among the cells of the Excel spreadsheet. The mentioned macro provides conversion (decoding) of base64-encoded strings into executable files, their saving to the computer without extension and subsequent launch.
As of April 2025, the State Service for Special Communications reports two types of software tools for implementing cyber threats:
The described cyber threat cluster is tracked by the identifier UAC-0226.
Cybersecurity workers are warning system administrators and asking them to separately check the availability, completeness, and depth of mail and web server logs.
