Russian hackers have once again targeted users in Ukraine and Poland, using phishing emails containing links to "documents."
The State Special Communications and Information Protection Service of Ukraine reported this on their Telegram channel.
Between December 15 and 25, Ukraine identified the distribution of emails by the APT28 group with links to "documents," visiting which led to computer infection with malware.
In addition to users in Ukraine, organizations in Poland were also targeted in this attack.
"Based on the totality of tactics, techniques, procedures, and tools, the activity is associated with the APT28 group," the service stated.
According to the State Special Communications, the malicious intent involves taking measures to develop a cyber attack on the entire information and communication system of the organization. Thus, compromising any computer could pose a threat to the entire network.
The emails were reported to have the subject "SSU Request" with an attachment in the form of a password-protected archive "Documents.zip," containing a password-protected and split into three parts RAR archive "Request.rar."
The last part contains an executable file "Request.exe." In the event of opening such an archive and running the executable files, the computer may be affected by the RemcosRAT programme.
