
Ukraine’s Computer Emergency Response Team (CERT-UA) has issued an alert about ongoing attempts by attackers to impersonate the agency through fraudulent AnyDesk connection requests. The requests claim to be for a security audit and rely on social engineering to exploit user trust.
Key Security Findings:
– CERT-UA confirms that it makes legitimate use of AnyDesk only after prior authorization through official channels
– The attacks require AnyDesk to be already installed on the target machine and the target’s AnyDesk identifier
– Over 1,042 cyber incidents detected in Ukraine during 2024
– Malicious code and intrusion attempts comprise 75% of all incidents
Major Threat Actors:
1. UAC-0010 (Aqua Blizzard/Gamaredon): 277 incidents
2. UAC-0006: 174 incidents
3. UAC-0050: 99 incidents
Recent Developments:
– Discovery of 24 unreported .shop domains linked to pro-Russian GhostWriter group
– Sticky Werewolf conducting spear-phishing campaigns against Russian enterprises
– Other active threat groups: Core Werewolf, Venture Wolf, and Paper Werewolf
Recommended Security Measures:
– Enable remote access programs only when necessary
– Coordinate remote access through official channels
– Verify authenticity of security audit requests
– Monitor for suspicious connection attempts
The cyber conflict continues to escalate as both Ukrainian and Russian entities face sophisticated cyber attacks focused on data theft, espionage, and operational disruption.