Vermin Cyber-Attacks Target Ukraine, Exploiting Kursk Battle
Ukraine’s Computer Emergency Response Team (CERT-UA) has uncovered cyber-attacks that use malicious emails with photos of alleged prisoners of war (POWs) from the Kursk direction.
In July 2024, Ukraine launched a series of attacks into the Kursk region of Russia in a move to divert Russian forces and resources away from the main frontlines.
Distribution of Spectr Spyware and Firmachagent Malware
These malicious emails link to a downloadable archive that contains a file with the Compiled HTML Help (.chm) extension, a file format primarily used by Microsoft to store help documentation and manuals.
According to CERT-UA, part of the State Special Communications Service of Ukraine (SSSCIP), opening the file installs components of the Spectr spyware as well as new malware called Firmachagent.
The latter retrieves the data stolen by Spectr and sends it to a remote management server.
CERT-UA suspects that Vermin (aka UAC-0020), a threat actor group linked to the Luhansk People’s Republic and believed to be acting on behalf of the Kremlin, is responsible for these cyber-attacks.
CERT-UA Mitigation Recommendations
In its security advisory, published on August 19, CERT-UA recommended the following steps to mitigate the threat:
- Restrict users’ permissions by removing them from the “Administrators” group to reduce the attack surface
- Apply policies (single-responsibility principle/AppLocker) to prevent users from launching .chm and powershell.exe files
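One way to act on both recommendations on a single Windows host, as an added example that is not taken from CERT-UA's advisory or from this article. The group name `Restricted-Workstation-Users` is hypothetical, and because AppLocker has no rule collection for .chm documents, the rules deny hh.exe, the HTML Help viewer that opens them.

```powershell
# Added example. Run in an elevated Windows PowerShell session.
# 1) Review who currently holds local administrator rights.
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource

# 2) Resolve the group the deny rules apply to (hypothetical group name).
$group = 'Restricted-Workstation-Users'
$sid = [System.Security.Principal.NTAccount]::new($group).
    Translate([System.Security.Principal.SecurityIdentifier]).Value

# 3) Build the deny rules. Path rules do not cover renamed or copied
#    binaries, so treat them as a baseline rather than a complete control.
$targets = @(
    '%WINDIR%\hh.exe',
    '%WINDIR%\SysWOW64\hh.exe',
    '%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe',
    '%WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe'
)
$denyRules = foreach ($path in $targets) {
@"
    <FilePathRule Id="$([guid]::NewGuid())" Name="Deny $path" Description="" UserOrGroupSid="$sid" Action="Deny">
      <Conditions><FilePathCondition Path="$path" /></Conditions>
    </FilePathRule>
"@
}

# 4) Wrap them in an audit-only policy. The allow-all rule is required:
#    once a rule collection has rules, anything not allowed is blocked.
$policy = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow all other executables" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
$($denyRules -join "`n")
  </RuleCollection>
</AppLockerPolicy>
"@
$xmlPath = Join-Path $env:TEMP 'deny-chm-powershell.xml'
Set-Content -Path $xmlPath -Value $policy -Encoding UTF8

# 5) Check the verdict for the restricted group before applying anything.
Test-AppLockerPolicy -XmlPolicy $xmlPath -Path "$env:WINDIR\hh.exe" -User $group

# 6) Merge into local policy. Rules are evaluated only while AppIDSvc runs.
Set-AppLockerPolicy -XmlPolicy $xmlPath -Merge
Start-Service -Name AppIDSvc
```

In audit mode, matches are logged as event ID 8003 in the Microsoft-Windows-AppLocker/EXE and DLL log; change `EnforcementMode` to `Enabled` once that log shows no legitimate use being caught.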
The Ukrainian authorities also urged anyone who received the malicious email to contact CERT-UA.
Photo credit: artaxerxes_longhand/Shutterstock