Ukraine’s security service claims to have thwarted mass cyberattack by Russian special forces
The following is a machine translation of a press release by Служба безпеки України, the Security Service of Ukraine:
The SBU blocked a mass cyberattack by Russian special services on the computer networks of the Ukrainian authorities
Cyber experts of the Security Service of Ukraine revealed the facts of purposeful distribution of malicious software by the special services of the Russian Federation. Customers planned to hit the computer networks of public authorities, local governments and critical infrastructure.
Specialists of the Security Service of Ukraine established that in early June this year, mass e-mails were sent with a change of address of the sender. In particular, reports from the Kyiv Patrol Police Department allegedly contained malicious attachments and were sent to a number of government agencies.
Malicious software initiates the installation of the client part of the program (remote administration tool) on the affected computer. This allows the foreign intelligence service to remotely exercise full control over the PC. Control and command servers have been installed, which are located on the territory of the Russian Federation.
Cyber experts of the Security Service of Ukraine recommend an urgent inspection of information and telecommunications systems, in particular using indicators published in the platform “MISP-UA” to identify their possible compromise and take prompt precautions.
|Electronic request.rar||ce4bf04087f7a011ef020fce81d00a393e37f679||ad15d2d402b03d0dc0fb55842c8159 b868448b8459b4c468b325c225393cfcf4|
|Electronic request.pdf.rar||2ed6b02df189dbb1d07d76886957d5f7cdcd1463||23388220f257056878c17c5f4f44d1b1a8 478328bbbd14a450ea9bd141021763|
|Access code 030621.txt||e285193b27d5ea1c644973993415bbf9baad86a0||bf135c2003dee739fa69e7f2ee7d460d61 edddfff3747920ee0dbeb1c9f311b2|
|Electronic request.pdf.exe||9480842a7a94c378ed27771c724bada5bdb758c4||e065fb7712e0c7a8ba1db464bd8d97443 b10d7162c9930fc5a9576c7871e4c78|
Command and control servers:
- 184.108.40.206 (Ru-Center, RF),
- 220.127.116.11 (Hetzner, Germany)
- 18.104.22.168 (Zomro, Netherlands)
The connection is made to ports 5651, 8080 and 81
To clean the affected computers from the specified SPZ requires:
- stop a service named Remote Utilities – Host
- remove directory C: \ Program Files (x86) \ Remote Utilities – Host \
Original Source: Служба безпеки України.