Security Awareness – Beware of Russia-Ukraine Themed Phishing

Amidst Russia’s ongoing invasion of Ukraine, threat actors are using phishing emails related to the conflict to deliver malware and infect victim computers with remote access trojans (RAT). After installing RATs on a target system to gain remote access, adversaries can then steal sensitive information, conduct network reconnaissance, disable security software, and other malicious activities. Security researchers at Bitdefender Labs are tracking two distinct phishing campaigns with themes leveraging the conflict. One campaign purports to be a survey about supply chain disruptions. The survey is actually a ZIP attachment containing Agent Tesla RAT. The second scam involves the commonly used macro-laced Excel document. Once macros are enabled, Remcos RAT is deployed. Finally, other phishing emails are reportedly impersonating Ukrainian charities and asking victims for financial donations. Members are encouraged to remind users of the prevalence of threat actors to leverage current events in phishing emails and to use extreme caution when receiving unsolicited news/information.  Read more at BleepingComputer.