Hackers targeting Ukrainian orgs with MerlinAgent info stealer
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning about a new information-stealing campaign targeting Ukraine’s government entities with the MerlinAgent malware.
The attacks were first spotted in July 2023, according to a security alert.
The new campaign involves malicious messages purportedly sent from CERT-UA that contain an attachment in the form of a CHM file named “Внутрішні кіберзагрози” (Internal Cyber Threats).
Upon opening, the file will trigger the execution of a JavaScript code and a PowerShell script meant to download and unzip a GZIP archive named “ctlhost.exe.tmp” containing an executable file (ctlhost.exe). When executed, this file will download the MerlinAgent malware onto the compromised system.
CERT-UA is tracking this malicious activity as UAC-0154.
Latest Posts
What is Vulnerability Management? A Beginner's Guide
In this article will try to cover basics of vulnerability management process and why it is important to every company.
Cyber Security Week in Review: September 6, 2024
In brief: the US charges Russian GRU hackers for attacks on Ukraine, Apache, Cisco, Zyxel patch high-risk flaws, Google fixes Android zero-day, and more.
Threat actors using MacroPack Red Team framework to deploy Brute Ratel, Havoc and PhantomCore
Some of the documents appeared to be part of legitimate Red Team exercises, while other were intended for malicious purposes.