
Malicious RDP Files Identified in Latest Attack on Ukrainian Entities

Oct. 28, 2024, 12:55 p.m.

Description

CERT-UA has uncovered a new malicious email campaign targeting Ukrainian government agencies, enterprises, and military entities. The campaign distributes RDP configuration files that, when opened, establish outbound remote desktop connections to attacker-controlled servers, enabling data theft and further malware deployment. Attributed to UAC-0215 and linked to APT29, the operation abuses the names of popular services such as Amazon and Microsoft in its lures and domains. Infrastructure preparation began in August 2024, and the campaign has the potential to spread beyond Ukraine. Amazon has seized the impersonating domains to neutralize the threat. CERT-UA also warned of other attacks, including a large-scale operation stealing confidential information (UAC-0218) and a ClickFix-style campaign possibly linked to APT28.

Date

Published: Oct. 26, 2024, 7:55 a.m.

Created: Oct. 26, 2024, 7:55 a.m.

Modified: Oct. 28, 2024, 12:55 p.m.

Attack Patterns

HOMESTEEL

APT29

T1586

T1534

T1608

T1119

T1074

T1189

T1114

T1573

T1071

T1102

T1020

T1192

T1204

T1132

T1001

T1584

T1566

T1190

T1133

T1078

Additional Information

Defense

Government

South Georgia and the South Sandwich Islands

Georgia

Ukraine