The occupiers in the temporarily occupied territories are trying to connect Ukrainians to Russian Internet networks, whose traffic-filtering equipment has made it possible to block many Ukrainian and international web resources. To avoid tracking and bypass restrictions, we advise Ukrainian users connected to Russian networks to use VPN services.
An IP address, or Internet Protocol address, is a unique numerical identifier of a device on the network, which is needed to transfer information between devices. Every computer, tablet and smartphone connected to the Internet has an IP address. It can be static (permanent, provided by the provider) or dynamic (changes every time you connect to the Internet).
Critical infrastructure facilities of Ukraine are one of the main targets of Russian hackers during the war in Ukraine. To improve the knowledge of information security specialists and provide practical skills that will help institutions build and manage cyber protection effectively, the State Special Communications Service conducted a second educational course for category "B" civil servants.
The Government Computer Emergency Response Team of Ukraine CERT-UA, which operates under the State Special Communications Service, discovered and investigated the distribution of emails by criminals using the email address cert-ua@ukr.net. The letters, allegedly sent on behalf of CERT-UA with the subject "CERT-UA Recommendations on the settings of MS Office programs", contain an attached file "INTERNAL CYBER THREAT.chm".
The Government Computer Emergency Response Team of Ukraine CERT-UA discovered the PPT document "daewdfq342r.ppt", which contains a macro and a thumbnail image with the emblem of the National Defense University of Ukraine named after Ivan Chernyakhivskyi.
An e-mail was received from a participant of the information exchange with the subject "Suspicious activity observed @UKR.NET" and an attachment in the form of a PDF file "Security warning.pdf" sent, apparently, on behalf of UKR.NET technical support (sender's e-mail address: "account.support.0@ukr.net").
Operational information was received from a participant of the information exchange regarding the detection of network connections between the information and communication system (ICS) of a state organization of Ukraine and infrastructure associated with the APT28 group.
The Government Computer Emergency Response Team CERT-UA discovered the website hxxps://www.ukrainianworldcongress[.]info/, which copies the English version of the web resource of the international non-governmental organization "World Congress of Ukrainians" (the legitimate page hxxps://ukrainianworldcongress[.]org/).
The Government Computer Emergency Response Team of Ukraine CERT-UA discovered XLS documents "PerekazF173_04072023.xls" and "Rahunok_05072023.xls" containing both a legitimate macro and a macro that will decode, persist and launch the PicassoLoader malware.
The Government Computer Emergency Response Team of Ukraine CERT-UA discovered HTML files that imitate the web interface of mail services (in particular, UKR.NET and Yahoo.com) and are built to exfiltrate authentication data entered by the victim using HTTP POST requests. The stolen data is transferred through previously compromised Ubiquiti devices (EdgeOS).