Ukraine warns of new phishing campaign targeting its critical infrastructure

The Computer Emergency Response Team of Ukraine (CERT-UA) reported the spread of phishing emails targeting critical infrastructure with Cuba Ransomware. The operations are linked to the threat actor ‘Tropical Scorpius’.

According to CERT-UA, the phishing emails impersonated the Press Service of the General Staff of the Armed Forces of Ukraine and enticed recipients to click a link. After clicking the link, victims are lured into updating their PDF Reader software in order to read the embedded document. Clicking the ‘DOWNLOAD’ button infects the victim with malware known as ‘ROMCOM RAT’.