Hackers steal data from UKR.NET users' accounts
The use of public email services, along with corporate email accounts, is a fairly common practice among government officials, military personnel, and employees of other Ukrainian enterprises and organizations.
Because of this, and because such services lack security tools for inspecting email, attackers use them, among other things, as an additional channel for carrying out malicious activity.
During July 2024, the UAC-0102 group distributed emails with archive attachments containing an HTML file. Opening the file redirects the user to a web resource that imitates the UKR.NET service web page.
If the user enters their login and password, the authentication data is sent to the attackers, and a document is downloaded to the victim's computer as bait.
To reduce the attack surface, we recommend that you:
- enable two-factor authentication;
- avoid using public email services from company computers;
- set up a filter to redirect copies of incoming emails to the corporate email address, which will allow you to analyze the email, albeit retrospectively, with the available security tools.
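An added example (not part of the original advisory): one way to do the retrospective analysis from the last recommendation is to check each forwarded message for the pattern described above, an archive attachment containing an HTML file that redirects. It assumes the archive is a ZIP and that the redirect is a meta refresh or a JavaScript location change, neither of which the advisory specifies; scan_message, build_sample and the sample message are constructed for illustration.

```python
import email, io, re, zipfile
from email.message import EmailMessage
from email.policy import default

# Assumption: common HTML/JS redirect constructs; the advisory does not say which was used.
REDIRECT_RE = re.compile(
    rb"<meta[^>]+http-equiv\s*=\s*[\"']?refresh|location(?:\.href)?\s*=|location\.(?:replace|assign)\s*\(",
    re.IGNORECASE,
)
MAX_MEMBER = 5_000_000  # do not unpack oversized members (zip-bomb guard)

def scan_message(raw: bytes) -> list:
    """Return one finding per HTML file found inside a ZIP attachment of the message."""
    findings = []
    msg = email.message_from_bytes(raw, policy=default)
    for part in msg.iter_attachments():
        blob = part.get_payload(decode=True) or b""
        # Decide by content, not by the file name or MIME type the sender declared.
        if not zipfile.is_zipfile(io.BytesIO(blob)):
            continue
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith((".html", ".htm")):
                    continue
                redirect = None  # None = could not inspect (encrypted or too large)
                if not info.flag_bits & 0x1 and info.file_size <= MAX_MEMBER:
                    redirect = bool(REDIRECT_RE.search(zf.read(info)))
                findings.append({"attachment": part.get_filename(),
                                 "member": info.filename, "redirect": redirect})
    return findings

def build_sample() -> bytes:
    """Constructed message: ZIP attachment with one redirecting HTML file and one text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.html",
                    '<html><meta http-equiv="refresh" content="0; url=https://example.invalid/"></html>')
        zf.writestr("notes.txt", "plain text")
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.invalid", "user@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="document.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

A finding with "redirect" set to None means the HTML member was encrypted or too large to inspect and should be reviewed manually.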