The government’s Computer Emergency Response Team (CERT-UA), which operates under the State Special Communications Service of Ukraine, has detected a new wave of phishing attacks targeting accountants of companies.
The attackers send emails imitating messages from the State Tax Service of Ukraine.
The emails contain PDF documents with a link to a file sharing service that hosts the archive. Opening its contents will lead to the installation of a malicious program on the computer, which gives the attackers remote access to it:
“The mentioned documents contain links to a file service (qaz.im, qaz.is, qaz.su), which, if followed, will download the archive “dps_tax_gov_ua_0739220983.rar”, which, with several levels of nesting, will contain the password-protected archive “Electronic request for documents of the tax service.pdf.rar”, which, in turn, will contain the SFX file “Electronic request for documents of the tax service.pdf.exe”.
We remind you that the described activity is financially motivated and is carried out by the UAC-0050 group. Accountants of companies whose computers are used to work with remote banking systems are particularly at risk.
In some cases, it may take no more than an hour from the moment of the initial attack to the moment of theft of the company’s funds.
CERT-UA notes that it is possible to reduce the likelihood of a cyber threat by setting up regular operating system protection mechanisms, as well as by fully utilizing the functionality of banking information systems in terms of authenticating accountant actions using one-time codes.
