The Computer Emergency Response Team of Ukraine (CERT-UA) reported three significant cyber attacks targeting state administration and critical infrastructure. These attacks utilized compromised email accounts to deliver phishing messages leading to malicious links that induce urgency around salary cuts. Upon clicking, victims download a Visual Basic Script (VBS) loader known as WRECKSTEEL, which executes a PowerShell script to capture sensitive files and screenshots. This threat, part of ongoing malicious activity since fall 2024, remains unlinked to any specific country, while Kaspersky noted other phishing attacks affecting Russian entities and industrial sectors.
The recent cyber attacks targeted Ukrainian state bodies and critical infrastructure, employing phishing techniques to steal sensitive data through compromised email accounts.
CERT-UA tracked the attack's progression to a sophisticated Visual Basic Script (VBS) loader named WRECKSTEEL, which uses PowerShell for data harvesting and screen capturing.
Collection
[
|
...
]