Ukraine state entities hit by cyberespionage attacks

Ukraine's Computer Emergency Response Team (CERT-UA) has found that Ukrainian state bodies were targeted in a cyberespionage campaign by the UAC-0063 threat operation aimed at deploying malicious tools on compromised systems, The Hacker News reports. The attacks involved phishing emails masquerading as messages from the Tajikistan Embassy in Ukraine, with a Microsoft Word attachment that executes a VBScript once macros are activated, according to CERT-UA. The HATVIBE script then facilitates the deployment of more malware, including the LOGPIE keylogger, the CHERRYSPY backdoor with command execution capabilities, and the STILLARCH or DownEx tool for file exfiltration. "Additional study of the infrastructure and related files made it possible to conclude that among the objects of interest of the group are organizations from Mongolia, Kazakhstan, Kyrgyzstan, Israel, [and] India," said CERT-UA. Such attacks suggest that macro-based malware continues to be used even after Microsoft disabled macros by default for downloaded Office files.
