Ukrainians targeted with Cobalt Strike, CredoMap malware

‘The APT28’ (aka Fancy Bear) hacking group supported by Russia is believed to be responsible for a recent spike in phishing campaigns that are spread by email, warns The Ukrainian Computer Emergency Response Team (CERT-UA Team)

CERT-UA Team explained that emails warning of ‘unpaid taxes’ or ‘nuclear terrorism’ are intended to lure victims into opening the file contained in the email. They cautioned that opening the files might cause users to download the malicious software Cobalt Strike or CredoMap.