Conversation with a top Ukrainian cyber official: What we know, what we don't, what it means

Written by
Jan 31, 2022 | CYBERSCOOP

Cybersecurity officials in Ukraine issued a warning Monday about yet another phishing attack using either compromised or spoofed government email addresses, the second such warning since Saturday.

Monday’s alert warned of attackers targeting government institutions with malware-laced bait documents hosted on Discord that come to targets within emails from the National Health Service of Ukraine. The malware deploys a program called OutSteel that looks for certain file extensions and steals them, and also deploys a second malicious program called SaintBot.

Monday’s bulletin comes two days after government officials there warned of compromised email accounts from the Ukrainian judiciary being used to target mostly Ukrainian government targets with malware hidden within phony court inquiries.

Both operations come roughly two weeks after a cyberattack targeting Ukrainian government systems that wiped some computers and defaced the websites of dozens of agencies’ sites.

All of the attacks are linked as part of “hybrid aggression, cyber aggression against Ukraine,” said Victor Zhora, the deputy chairman of the State Service of Special Communications and Information Protection of Ukraine, but not as a single operation.

“These are steps to continuously attack Ukrainian government agencies, objects of critical

Read More: