Last week, experts from the Government Computer Emergency Response Team CERT-UA detected a mass distribution of phishing emails to government agencies, with a subject line that referred to CERT-UA itself.
The emails carry the subject line “CERT-UA#5086 Suspicious access to your mailbox”. They were sent on behalf of CERT-UA, and they also used the symbols of the State Center for Cyber Defense of the State Special Communications Service.
The emails urge the recipient to change their password and contain a link to a web resource that imitates the web interface of the Roundcube email software. If the recipient follows the link and enters their authentication data, the login and password are sent to the attacker via an HTTP POST request.
This time, the fake website was created using the free InfinityFree service. In addition, the attackers used the subdomain mlcrosoft.rf[.]gd, which likely imitates Microsoft services.
The activity is tracked under the identifier UAC-0170.
To reduce the likelihood of the threat being realized, CERT-UA calls for the use of multi-factor authentication based on a one-time code from a mobile application.
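The lookalike subdomain described above can be caught by a simple check on link hostnames. The following is an added example, not code from CERT-UA: the brand watchlist, the confusable-character map, and every sample host except the reported indicator are assumptions constructed for illustration.

```python
import re

# Assumed watchlist of names an organisation wants to protect (not from the article).
BRANDS = ("microsoft", "roundcube")
# Partial, assumed map of characters commonly swapped in lookalike labels.
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o", "5": "s"})

def refang(indicator):
    """Turn a defanged indicator such as 'rf[.]gd' or 'rf[ . ]gd' into 'rf.gd'."""
    return re.sub(r"\s*\[\s*\.\s*\]\s*", ".", indicator.strip()).lower()

def skeleton(label):
    """Fold confusable characters so 'mlcrosoft' and 'microsoft' compare equal."""
    return label.translate(CONFUSABLE)

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host):
    """Return the brand that one of the host's labels imitates, or None.

    An exact brand label is skipped: judging it needs an allowlist of the
    brand's real domains, which is outside this example.
    """
    for label in refang(host).split("."):
        for brand in BRANDS:
            if label == brand:
                continue
            if skeleton(label) == skeleton(brand) or edit_distance(label, brand) == 1:
                return brand
    return None

def scan(hosts):
    """Map each flagged host (refanged) to the brand it resembles."""
    return {refang(h): b for h in hosts if (b := lookalike_of(h))}

# Constructed sample hosts, plus the defanged indicator reported in the article.
SAMPLE_HOSTS = ["mlcrosoft.rf[.]gd", "microsoft.com", "mail.example.org", "r0undcube.example.net"]

if __name__ == "__main__":
    for host, brand in scan(SAMPLE_HOSTS).items():
        print(f"{host}: resembles '{brand}'")
```

A check like this fits in a mail gateway or proxy log review, where flagged hosts are queued for analyst triage rather than blocked outright.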
In early August, the State Service of Special Communications reported that attackers were sending viruses under the guise of recommendations from CERT-UA.