Threat actors are distributing malware using phishing themes related to the invasion of Ukraine, aiming to infect their targets with remote access trojans (RATs) such as Agent Tesla and Remcos.
It is common for malware distributors to take advantage of trending global events to trick the recipient into opening email attachments, and at this time, there is nothing more closely watched than Russia's invasion of Ukraine.
Using this theme, threat actors are sending malicious emails that install RATs on target systems to gain remote access, steal sensitive information, conduct network reconnaissance, disable security software, and generally prepare the ground for more potent payloads.
Ukraine is a manufacturing hub for various parts, and the current conflict has forced factories to close, inevitably creating supply chain problems and shortages.
The first campaign spotted by Bitdefender attempts to exploit these concerns by targeting manufacturers with a ZIP attachment that supposedly contains a survey that they are required to fill out to help their customers develop backup plans.
The second campaign involves the impersonation of a South Korean healthcare company that manufactures in-vitro diagnostic systems.
The message to targets claims that all orders have been put on hold due to flight and shipment restrictions from Ukraine.
Bitdefender also reports seeing an explosion in the number of scammers who attempt to convince users they are legitimate charities collecting donations to support Ukraine.
These scams have intensified, with malicious actors impersonating the Ukrainian government, the Act for Peace, UNICEF, and the Ukraine Crisis Relief Fund.
In general, but especially during periods of turbulence and uncertainty, avoid clicking on links or downloading attachments that arrive in your inbox through unsolicited messages.
If you want to donate to Ukraine, consider donating directly to the Save Life organization or the Ukrainian Red Cross. Also, the official Ukraine government has published the following cryptocurrency addresses to use for donations.
Full article on Russia-Ukraine war exploited as lure for malware distribution (bleepingcomputer.com)