Ukraine's Computer Emergency Response Team (CERT-UA) has disclosed that the UAC-0226 threat operation targeted Ukrainian law enforcement agencies, armed forces, and local government entities in information-stealing malware attacks that spoofed Ukrainian state agencies and drone makers, reports The Record, a news site by cybersecurity firm Recorded Future.

According to CERT-UA, threat actors have used phishing emails referencing administrative penalties, landmine clearance, and drone production to deploy malicious code and the GiftedCrook infostealing payload, which facilitates the exfiltration of browser-stored credentials, history, and cookies via Telegram. The disclosure comes just days after CERT-UA reported that Ukrainian critical infrastructure and government agencies had been subjected to intrusions involving the nascent Wrecksteel malware. Attackers behind that campaign used compromised email accounts to distribute messages with links that resulted in the execution of Wrecksteel, which features text and image extraction as well as screenshot-capturing capabilities, CERT-UA noted.