The following is a machine translation of a press release by Служба безпеки України, the Security Service of Ukraine:
The SBU blocked a mass cyberattack by Russian special services on the computer networks of the Ukrainian authorities
Cyber experts of the Security Service of Ukraine revealed the facts of purposeful distribution of malicious software by the special services of the Russian Federation. Customers planned to hit the computer networks of public authorities, local governments and critical infrastructure.
Specialists of the Security Service of Ukraine established that in early June this year, mass e-mails were sent with a change of address of the sender. In particular, reports from the Kyiv Patrol Police Department allegedly contained malicious attachments and were sent to a number of government agencies.
Malicious software initiates the installation of the client part of the program (remote administration tool) on the affected computer. This allows the foreign intelligence service to remotely exercise full control over the PC. Control and command servers have been installed, which are located on the territory of the Russian Federation.
Cyber experts of the Security Service of Ukraine recommend an urgent inspection of information and telecommunications systems, in particular using indicators published in the platform “MISP-UA” to identify their possible compromise and take prompt precautions.
|Access code 030621.txt
Command and control servers:
- 126.96.36.199 (Ru-Center, RF),
- 188.8.131.52 (Hetzner, Germany)
- 184.108.40.206 (Zomro, Netherlands)
The connection is made to ports 5651, 8080 and 81
To clean the affected computers from the specified SPZ requires:
- stop a service named Remote Utilities – Host
- remove directory C: \ Program Files (x86) \ Remote Utilities – Host \
Original Source: Служба безпеки України.