
"The ZIP file ('CERT_UA_protection_tool.zip') is designed to download malware packaged as security software from the agency. The malware, per CERT-UA, is a remote access trojan codenamed AGEWHEEZE."
"AGEWHEEZE communicates with an external server ('54.36.237[.]92') over WebSockets and supports a wide range of commands to execute commands, perform file operations, modify the clipboard, emulate mouse and keyboard, take screenshots, and manage processes and services."
"The attack is assessed to have been largely unsuccessful. 'No more than a few infected personal devices belonging to employees of educational institutions of various forms of ownership were identified,' the agency said."
"An analysis of the bogus website 'cert-ua[.]tech' has revealed that it was likely generated with assistance from artificial intelligence (AI) tools, with the HTML source code also including a comment: 'С Любовью, КИБЕР СЕРП,' meaning 'With Love, CYBER SERP.'"
CERT-UA reported a phishing campaign in which attackers impersonated the agency to distribute AGEWHEEZE, a remote access trojan. Emails were sent to state organizations, medical centers, and educational institutions, urging recipients to install a ZIP file ('CERT_UA_protection_tool.zip') that downloads the malware disguised as security software from the agency. The malware communicates with its server over WebSockets and supports a wide range of commands. The attack was largely unsuccessful, with only a few infections reported on personal devices of educational institution employees. The bogus website 'cert-ua[.]tech' was likely generated with the help of AI tools.
Read at The Hacker News