Potential cyberespionage campaign against Ukraine involves Remcos tool

Threat operation UAC-0050 has leveraged the Remcos surveillance tool in new attacks against Ukrainian government agencies believed to be part of a cyberespionage campaign, reports The Record, a news site by cybersecurity firm Recorded Future. Organizations targeted by the campaign have been sent phishing emails purportedly from Ukraine's security service seeking recipients to fill out certain information in an attached PDF document, which facilitated Remcos installation, according to a report from Ukraine's Computer Emergency Response Team. Remcos, which could enable not only remote access and data exfiltration but also evade antivirus systems, has already been leveraged by UAC-0050 in two campaigns targeted at Ukraine in February, the first of which involved phishing emails spoofing payment reminders from major Ukrainian internet service provider Ukrtelecom, while the other used emails masquerading as official Kyiv court requests. UAC-0050 leveraged Russian firm REG.RU for domain registration but has not yet been linked to a specific nation-state actor.