The government’s computer emergency response team CERT-UA, which operates under the State Service for Special Communications, reports ongoing hacker activity targeting Ukraine’s justice and notary agencies.
The attackers distribute emails with attachments in the form of BZIP, GZIP or RAR archives. Opening the file eventually leads to the infection of the computer with AsyncRAT malware, which provides remote access to the device.
At the same time, CERT-UA experts note that hackers use specific subjects and file names when sending emails. For example: “Letter from the Department of Notaries in Dnipropetrovska oblast.rar”, “Letter for information and execution.cmd”, “Letter from the Ministry of Justice for information and consideration.exe.bzip”. This suggests that the main targets of the attackers are the Ukrainian justice and notary authorities.
The Ukrainian government’s Computer Emergency Response Team has been tracking malicious activity since the first quarter of 2023 under the UAC-0173 identifier. It is possible that it may be related to the activities of UAC-0007 (BlackNotary – the so-called “black” notaries).
