CERT-UA warns of new attacks against Ukrainian government agencies


The Computer Emergency Response Team of Ukraine (CERT-UA) has detected two malicious campaigns targeting Ukraine’s government entities: one exploits an XSS vulnerability in Zimbra Collaboration Suite, and the other delivers the IcedID banking trojan.

In the first case, the attackers have been observed distributing phishing emails titled “Volodymyr Zelenskyy presented the Golden Star Orders to servicemen of the Armed Forces of Ukraine and members of the families of the fallen Heroes of Ukraine” containing JavaScript code that triggers exploitation of the vulnerability (CVE-2018-6882) in Zimbra Collaboration Suite, an email and collaboration platform.

This flaw affects Zimbra Collaboration Suite versions 8.7 and earlier and allows a remote attacker to perform cross-site scripting attacks.

In the observed attacks, the vulnerability was exploited to add a forwarding rule that sends the victim's emails to a new address under the threat actor's control, CERT-UA said. The security team has attributed this campaign with moderate confidence to UAC-0097, a currently unidentified threat actor.
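An added defensive example (not from the CERT-UA report and not Zimbra's own code): auditing exported account attributes for mail forwarding that leaves the organisation, the persistence mechanism described above. It assumes the rule is stored in one of the Zimbra account attributes `zimbraPrefMailForwardingAddress`, `zimbraMailForwardingAddress` or `zimbraMailSieveScript`; the function names, sample accounts and domains are constructed for illustration.

```python
import re

# Sieve "redirect" action (RFC 5228), optionally with ":copy" (RFC 3894).
REDIRECT_RE = re.compile(r'\bredirect\s+(?::copy\s+)?"([^"]+)"', re.IGNORECASE)
# Zimbra account attributes that can hold a forwarding destination.
FORWARD_ATTRS = ("zimbraPrefMailForwardingAddress", "zimbraMailForwardingAddress")


def forwarding_targets(attrs):
    """Return (source, address) pairs; a value may list several comma-separated addresses."""
    found = []
    for name in FORWARD_ATTRS:
        for value in attrs.get(name, []):
            found += [(name, a.strip()) for a in value.split(",") if a.strip()]
    for script in attrs.get("zimbraMailSieveScript", []):
        found += [("sieve redirect", a.strip()) for a in REDIRECT_RE.findall(script)]
    return found


def external_forwards(accounts, internal_domains):
    """List (account, source, address) for forwards that leave the organisation."""
    internal = {d.lower() for d in internal_domains}
    hits = []
    for account, attrs in sorted(accounts.items()):
        for source, address in forwarding_targets(attrs):
            domain = address.rpartition("@")[2].lower()
            if domain not in internal:
                hits.append((account, source, address))
    return hits


# Constructed sample data (not from the CERT-UA report): attribute values as an
# administrator might export them per account, using reserved example domains.
SAMPLE_ACCOUNTS = {
    "clerk@agency.example": {
        "zimbraMailSieveScript": [
            'require ["fileinto", "copy"];\n'
            'if anyof (header :contains "subject" "invoice") { fileinto "Finance"; }\n'
            'if anyof (true) { redirect :copy "collector@mailbox.invalid"; keep; }\n'
        ],
    },
    "press@agency.example": {"zimbraPrefMailForwardingAddress": ["archive@agency.example"]},
    "admin@agency.example": {"zimbraMailForwardingAddress": ["ops@agency.example, backup@other.example"]},
}


if __name__ == "__main__":
    for hit in external_forwards(SAMPLE_ACCOUNTS, ["agency.example"]):
        print("external forward: %s via %s -> %s" % hit)
```

Any hit that the mailbox owner or an administrator cannot account for is worth reviewing together with the account's recent webmail sessions.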

The second report describes a phishing campaign involving XLS files named “Mobilization Register.xls,” which, when opened, decrypt and run the GzipLoader malware on the victim’s system. GzipLoader then downloads the IcedID banking trojan, which can be used to steal credentials or to download additional malware such as Cobalt Strike, ransomware, and data-wiping tools. CERT-UA has linked this campaign to the UAC-0041 cluster of activity.

According to a report from the State Service of Special Communication and Information Protection of Ukraine, the country has faced 362 cyberattacks since the beginning of the Russian invasion of Ukraine. That is almost three times as many hacking attempts against the country’s systems as before the war.

Cybersecurity Help statement on the critical situation in Ukraine

On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable; the political ambitions of any man aren’t worth the blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war! Glory to Ukraine!