All news

APT28 group used three Roundcube exploits (CVE-2020-35730, CVE-2021-44026, CVE-2020-12641) during another espionage campaign (CERT-UA#6805)

01.08.2023 16:46

Operational information was received from an information-exchange participant regarding the detection of network connections between the information and communication system (ICS) of a state organization of Ukraine and infrastructure associated with the APT28 group.

Targeted attack using the theme of Ukraine's membership in the North Atlantic Treaty Organization (CERT-UA#6940)

01.08.2023 16:38

The government computer emergency response team CERT-UA discovered the website hxxps://www.ukrainianworldcongress[.]info/, which copies the English version of the web resource of the international non-governmental organization "World Congress of Ukrainians" (the legitimate page hxxps://ukrainianworldcongress[.]org/).

UAC-0057 Targeted Cyber Attack Against Government Agencies Using PicassoLoader/njRAT (CERT-UA#6948)

31.07.2023 16:32

The Government Computer Emergency Response Team of Ukraine CERT-UA discovered XLS documents "PerekazF173_04072023.xls" and "Rahunok_05072023.xls" containing both a legitimate macro and a macro that will decode, persist and launch the PicassoLoader malware.

Phishing attacks by the APT28 group (UAC-0028) to obtain authentication data for public mail services (CERT-UA#6975)

31.07.2023 16:10

The government computer emergency response team of Ukraine CERT-UA discovered HTML files that imitate the web interface of mail services (in particular, UKR.NET, Yahoo.com) and implement exfiltration of the authentication data entered by the victim using HTTP POST requests. The stolen data is transferred using previously compromised Ubiquiti devices (EdgeOS).

Targeted Turla attacks (UAC-0024, UAC-0003) using CAPIBAR and KAZUAR malware (CERT-UA#6981)

31.07.2023 15:28

General information

The government's computer emergency response team of Ukraine CERT-UA is taking measures to counter cyber threats. For example, since 2022, the UAC-0024 identifier has been used to monitor activity involving targeted cyberattacks against defense forces for the purpose of espionage using the CAPIBAR malware (Microsoft: "DeliveryCheck", Mandiant: "GAMEDAY").

Summary information on the activities of the UAC-0010 group as of July 2023

31.07.2023 14:57

General information

The Government Computer Emergency Response Team of Ukraine CERT-UA implements the Law of Ukraine "On the Basic Principles of Cyber Security of Ukraine" to take organizational and technical measures to prevent, detect and respond to cyber incidents and cyber attacks and eliminate their consequences.

The threat level for accountants is increasing: the UAC-0006 group carried out the third cyber attack in 10 days

31.07.2023 13:42

General information

On 07/21/2023 and 07/24/2023, the Government Computer Emergency Response Team of Ukraine CERT-UA recorded regular attacks by the UAC-0006 group using the SmokeLoader malware. At the same time, attackers use a ZIP polyglot, the contents of which are available to the user depending on the archiver program with which this archive is opened. If WinRAR is used, the mentioned ZIP polyglot will contain a ZIP archive with the extension ".pdf" containing JavaScript files (21.07.2023) or a ZIP archive with the extension ".docx" (24.07.2023) containing an executable file "Pax_ipn_18.07.2023p.jpg", JavaScript downloader "2. Extract from the register dated 24.07.2023_Document code 9312-0580-6944-3255.xls.js" and SFX archive "1. Payment instruction ipn and extract from the register Code of the document 9312-0580-6944-3255.exe" with the decoy file "document_payment.docx" (a copy of "Payment instruction Privat_bank.docx") and the BAT script "passport.bat" designed to run "Pax_ipn_18.07.2023p.jpg", which is a copy of the downloaded "weboffice.exe".

February 24, 2022 The State Research Institute of Cybersecurity Technologies on the basis of the Department of Scientific and Technical Expertise conducts a seminar on the topic: "Requirements for the organization of information security of cloud technologies and assessment of compliance with information security requirements"

23.02.2022 09:00

February 24, 2022 The State Research Institute of Cyber Security Technologies on the basis of the Department of Scientific and Technical Expertise is conducting a scientific and practical seminar on the topic: "Requirements for the organization of information security of cloud technologies and assessment of compliance with information security requirements".

The team of the State Research Institute of Cyber Security Technologies won the National Cyber Security Hackathon in the field of "Cyber Protection of Critical Infrastructure Objects"

22.11.2021 09:00

The @Way team of the State National Research Institute of Cyber Security Technologies (Roman Odarchenko, Serhiy Hnatyuk, Dmytro Bondarenko) took part from November 15 to 19, 2021, in the National Hackathon on Cyber Defense, which was organized by the State Service of Special Communications and Information Protection in the NATO TIDE Hackathon format. 16 teams took part in the competition in three areas:

The winners of the NATO TIDE Hackathon visited the USA and participated in the TIDE SPRINT conference

09.11.2021 09:00

The Institute team won the TIDE Hackathon 2021 competition. Thanks to this, team members Nazar Kalyan and Maksym Ryabenko were invited by the TIDE Hackathon coordinator to participate in the TIDE SPRINT #38 2021 conference. TIDE Sprint (Think-Tank for Information Decision and Execution Sprint) is one of the main activities of the Allied Command Transformation (ACT) and NATO think tanks to promote innovation and rapid development of concepts and specifications in order to progress, improve and federate cooperation between NATO, Command and Control (C2) and IT partner countries. TIDE Sprint events are typically held twice a year, each spring in Europe and each fall in the United States. The TIDE Sprint brings together operators, managers, industry and academics to share and explore ideas to help the Alliance and partner countries adapt to technological change.