The hacker group from russia UAC-0010 (Armageddon) started a new cyberattack during which it uses emails with a subject that reads "On carrying out the revenge action in Kherson!", the State Service of Special Communication and Information Protection of Ukraine (SSSCIP) reports.
The letters sent by hackers contain an attached file "Plan Kherson.htm".
If this attachment is opened, the file "Herson.rar" with the shortcut "Plans of approach and explosives planting at the critical infrastructure objects of Kherson.lnk" is created on the victim's computer.
After that, the GammaLoad.PS1v2 malware is downloaded.
SSSCIP recalled that the hacker group Armageddon has been actively attacking our country's critical information infrastructure since the start of the rf's full-scale military invasion of Ukraine. It uses subjects that are sensitive to Ukrainians during cyberattacks.
Also, the cyberattacks of this group against the EU countries have been documented.
Under the guise of checking driving licenses, fraudsters illegally collected data about their series and numbers.
Also, as has been reported before, the fraudsters are sending a fake chatbot "e-Pidtrymka" [e-Support – tr.], referring to the Center for Countering Disinformation at the National Security and Defense Council.