Alert: Hackers Pose as Ukraine’s CERT Using Fake AnyDesk Audit Scam

Alert: Hackers Pose as Ukraine's CERT Using Fake AnyDesk Audit Scam

CERT-UA Warns of Impersonation Attacks Using AnyDesk

Ukraine’s Computer Emergency Response Team (CERT-UA) has issued an alert regarding ongoing cybersecurity threats where attackers are impersonating the agency through fraudulent AnyDesk connection requests. These attempts claim to conduct security audits, exploiting user trust through social engineering tactics.

Key Security Findings:
– CERT-UA confirms legitimate use of AnyDesk only after prior authorization through official channels
– Attacks require pre-installed AnyDesk software and target’s identifier
– Over 1,042 cyber incidents detected in Ukraine during 2024
– Malicious code and intrusion attempts comprise 75% of all incidents

Major Threat Actors:
1. UAC-0010 (Aqua Blizzard/Gamaredon): 277 incidents
2. UAC-0006: 174 incidents
3. UAC-0050: 99 incidents

Recent Developments:
– Discovery of 24 unreported .shop domains linked to pro-Russian GhostWriter group
– Sticky Werewolf conducting spear-phishing campaigns against Russian enterprises
– Other active threat groups: Core Werewolf, Venture Wolf, and Paper Werewolf

Recommended Security Measures:
– Enable remote access programs only when necessary
– Coordinate remote access through official channels
– Verify authenticity of security audit requests
– Monitor for suspicious connection attempts

The cyber conflict continues to escalate as both Ukrainian and Russian entities face sophisticated cyber attacks, focusing on data theft, espionage, and operational disruption.

Share This Article