Ukrainian organizations warned of hacking attempts using CredoMap malware, Cobalt Strike beacons

Ukrainian organizations have been subjected to new hacking attempts tailored to drop malware and malicious Cobalt Strike beacons onto their networks.

On June 20, the Computer Emergency Response Team for Ukraine (CERT-UA) published two advisories on the hacking incidents, suspected of being the work of threat groups APT28 — also known as Fancy Bear — and UAC-0098.

The phishing campaign, attributed to the Russian advanced persistent threat (APT) group APT28, attempts to spread a malicious document titled “Nuclear Terrorism A Very Real Threat”. Distribution is suspected of having been carried out on June 10.

UAC-0098’s hacking attempts also begin with a malicious email. The phishing messages carry a malicious document attachment, “Imposition of penalties.docx,” and its distribution has been described as “persistent,” with an original compilation date of June 16.

This document is also spread through a password-protected archive, fraudulently passed off as communication from Ukraine’s tax office, with the subject line: “Notice of non-payment of tax.”

When opened, both documents automatically download an HTML file that initiates malicious JavaScript code containing an exploit for CVE-2022-30190.

Issued a CVSS severity score of 7.8, CVE-2022-30190 is a remote code execution (RCE) vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT). The vulnerability, patched but

Read More: https://www.zdnet.com/article/ukrainian-organizations-warned-of-hacking-attempts-using-credomap-malware-cobalt-strike-beacons/#ftag=RSSbaffb68