Ukraine Under Siege: Cyber Attacks Unleash GIFTEDCROOK Malware Havoc
Cybersecurity bulletin: CERT-UA uncovers a new phishing attack targeting Ukrainian institutions. The attack distributes emails with macro-enabled Excel files, deploying malware such as GIFTEDCROOK to steal sensitive data. Remember, if it looks sketchy and smells phishy, it’s best to click “delete,” not “enable.”

Hot Take:
Ukraine’s institutions are under cyber siege again, and this time, it’s not just a game of digital tag but a full-on malware masquerade party. With cyber attackers throwing phishing emails like confetti, it’s clear they didn’t RSVP to the ‘let’s not steal sensitive information’ party. And with GIFTEDCROOK on the guest list, it’s a browser’s worst nightmare. As for those European government targets, it seems they’re caught in an RDP tango with a suspected Russian espionage actor. Who knew malware could have such killer dance moves?
Key Points:
- Ukrainian institutions are targeted with information-stealing malware via phishing emails.
- The attackers use a macro-enabled Microsoft Excel spreadsheet that deploys PowerShell scripts and GIFTEDCROOK malware.
- GIFTEDCROOK steals data from web browsers, including cookies and authentication data.
- European governments and military organizations are also targets of a phishing campaign using RDP connections.
- Phishing campaigns utilize fake CAPTCHAs and Cloudflare Turnstile to distribute malware like Legion Loader.