The Government Computer Emergency Response Team of Ukraine (CERT-UA) has received information about multiple cases of attempts to connect to computers using the AnyDesk program, allegedly on behalf of CERT-UA.
Unknown persons sent requests to connect to AnyDesk under the name “CERT.UA”, using its logo and identifier “1518341498” (may change). In their requests, they claimed to be conducting a “security audit to check the level of security”.
Description of the cyber attack
It is important to emphasize that CERT-UA, under certain circumstances, may indeed use remote access software, including AnyDesk. However, such actions are carried out only after prior agreement with the owners of cybersecurity facilities through officially approved communication channels.
The described activity does not belong to the activities of CERT-UA and is another attempt by attackers to use social engineering methods, including manipulation of trust and use of authority.
It is important to note that the attack is only possible if the attackers have the victim’s AnyDesk ID and the AnyDesk software installed and running on the computer. This may indicate previous compromised access to AnyDesk identities, for example, through other computers that were previously used for authorized remote access.
Tips from CERT-UA
CERT-UA urges you to follow the following recommendations to prevent cyber threats:
- Remote access programs, such as AnyDesk, should be enabled only for the duration of the session.
- Work with remote access must be approved in person through existing official communication channels.
- In case of detection of suspicious activity or anomalies, immediately notify the cyber defense units and, if necessary, CERT-UA for a quick response.
