CERT-UA, the government computer emergency response team that operates under the State Intelligence Service, warns of a new scheme of cyber attacks aimed at Ukrainian defense enterprises that uses the procurement of unmanned aerial vehicles (UAVs) as a lure.
The new attacks use the theme of UAV procurement to target Ukrainian defense enterprises. Attackers send emails with a ZIP attachment containing a PDF document with a link. The victim is prompted to click the link to allegedly “download missing fonts.” After the victim follows the link, the GLUEEGG malware is downloaded, which launches the DROPCLUE loader. DROPCLUE downloads and opens two files: a decoy PDF file and an EXE file that installs the legitimate ATERA remote control program, giving the attackers unauthorized access to the victim’s computer.
The hacker group UAC-0180 actively attacks employees of defense enterprises and the Defense Forces of Ukraine, constantly updating its arsenal of malicious programs. The State Special Communications Service calls for increased caution when receiving suspicious e-mails.
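A triage check for the delivery chain described above, as an added example that is not CERT-UA's code or part of the original report: it lists the link targets of every PDF inside a ZIP attachment, including links hidden in compressed PDF streams, so they can be reviewed before a user clicks. The sample archive, file names, URLs and the size cap are constructed assumptions.

```python
import io
import re
import zipfile
import zlib

MAX_BYTES = 20 * 1024 * 1024  # size cap per file / stream (assumed limit)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")  # /URI (literal string)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def pdf_uris(pdf: bytes) -> list[str]:
    """Link targets (/URI actions) in a PDF, including Flate-compressed streams."""
    chunks = [pdf]
    for m in STREAM_RE.finditer(pdf):
        try:
            chunks.append(zlib.decompressobj().decompress(m.group(1), MAX_BYTES))
        except zlib.error:
            pass  # stream uses another filter (e.g. an image): skip it
    found = []
    for chunk in chunks:
        for m in URI_RE.finditer(chunk):
            # Undo PDF string escapes such as \( and \) before reporting the URL
            uri = re.sub(rb"\\(.)", rb"\1", m.group(1)).decode("latin-1")
            if uri not in found:
                found.append(uri)
    return found


def triage_zip(zip_bytes: bytes) -> dict[str, list[str]]:
    """Map each PDF inside a ZIP attachment to the URLs it links to."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_BYTES:
                continue
            data = zf.read(info)
            if b"%PDF-" in data[:1024] and (uris := pdf_uris(data)):
                report[info.filename] = uris
    return report


def build_sample() -> bytes:
    """Constructed sample: a ZIP with one PDF-like file carrying two links."""
    hidden = zlib.compress(b"<< /S /URI /URI (https://files.example.invalid/fonts.zip) >>")
    pdf = (b"%PDF-1.7\n1 0 obj << /A << /S /URI /URI (https://example.invalid/a) >> >> endobj\n"
           b"2 0 obj << /Filter /FlateDecode >>\nstream\n" + hidden + b"\nendstream\nendobj\n%%EOF\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("order.pdf", pdf)
        zf.writestr("readme.txt", b"no links here")
    return buf.getvalue()
```

Links written as hex strings or stored in encrypted archives are not covered by this check and need a full PDF parser or manual review.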