- Nile unwraps NaaS security features for enterprise customers
- Get these premium Sony Bravia home theater speakers for $500 off during Black Friday
- The best Black Friday soundbar and speaker deals: Save on Bose, Sonos, Beats, and more
- One of the best pool-cleaning robots I've tested is $450 off for Prime Day
- Apple's M2 MacBook Air is on sale for $749 for Black Friday
Vermin Cyber-Attacks Target Ukraine, Exploiting Kursk Battle
Ukraine’s Computer Emergency Response Team (CERT-UA) has uncovered cyber-attacks which use malicious emails with photos of alleged prisoners of war (POWs) from the Kursk direction.
In July 2024, Ukraine launched a series of attacks into the Kursk region of Russia in a move to divert Russian forces and resources away from the main frontlines.
Distribution of Spectr Spyware and Firmachagent Malware
These malicious emails contain a link to a downloadable archive containing a file with the Compiled HTML Help (.chm) extension, a file format primarily used by Microsoft to store help documentation and manuals.
According to CERT-UA, part of the State Special Communications Service of Ukraine (SSSCIP), opening the file installs components of spyware Spectr as well as new malware called Firmachagent.
The latter retrieves the data stolen by Spectr and sends it to a remote management server.
CERT-UA suspects Vermin (aka UAC-0020), a threat actor group linked to the Luhansk People’s Republic and believed to be acting on behalf of the Kremlin, to be responsible for those cyber-attacks.
CERT-UA Mitigation Recommendations
In its security advisory, published on August 19, CERT-UA recommended the following steps to mitigate the threat:
- Restrict users’ permissions by removing them from the “Administrators” group to reduce the attack surface
- Apply policies (single-responsibility principle/app locker) to prevent users from launching .chm and powershell.exe files
The Ukrainian authorities also urged anyone who received the malicious email to contact CERT-UA.
Photo credit: artaxerxes_longhand/Shutterstock