Ukrainians targeted with Cobalt Strike, CredoMap malware

Ukrainians are facing targeted phishing campaigns by the ‘APT28’ hacking group, believed to be linked to Russia. The emails, warning of various issues, aim to trick recipients into downloading malicious software such as Cobalt Strike or CredoMap.

The ‘APT28’ (aka Fancy Bear) hacking group, supported by Russia, is believed to be responsible for a recent spike in phishing campaigns spread by email, warns the Ukrainian Computer Emergency Response Team (CERT-UA).

CERT-UA explained that emails warning of ‘unpaid taxes’ or ‘nuclear terrorism’ are intended to lure victims into opening the file contained in the email. The team cautioned that opening the files might cause users to download the malicious software Cobalt Strike or CredoMap.