Cybercriminals, pretending to be Ukrtelecom, spied on the state authorities of Ukraine

Cybercriminals, pretending to be Ukrtelecom, spied on the state authorities of Ukraine

Emails allegedly sent on behalf of Ukrtelecom contained files that launched a spyware program, reports the Government Computer Emergency Response Team of Ukraine CERT-UA.

We help


E-mails with the subject “Court claim against your personal account # 7192206443063763 dated: 06.02.2023” and an attachment in the form of a RAR archive “court letter, information about debt.rar” were received on the computers of employees of state authorities of Ukraine. The attachment contained a text document and another password-protected archive with an embedded file “court letter, debt information.pdf.exe” over 600 MB in size.

Cybercriminals, pretending to be Ukrtelecom, spied on Ukrainian authorities

When the file was launched, Remcos – a program for remote monitoring and surveillance from the BreakingSecurity company – was installed on the computer. It is usually used for legitimate remote administration, but in this case the hackers planned to spy on the victims’ computers.

Tame Power BI and predict the future of your company.


“The detected activity has been tracked under UAC-0050 since at least 2020. Previous cyberattacks were carried out using the RemoteUtilities remote administration program. Based on the functionality of the programs and the fact that the objects of cyberattacks are usually the state authorities of Ukraine, it is considered that the attack is carried out for the purpose of espionage,” says CERT-UA.

Previously, cybercriminals already tried to steal data, masquerading as the Ministry of Foreign Affairs of Ukraine, as well as the State Emergency Service (using the theme of Iranian Shahed-136 kamikaze drones). In October-November 2022, similar letters also allegedly came from the State Special Communications, the press service of the General Staff of the Armed Forces of Ukraine, the Security Service of Ukraine, and from CERT-UA.

The developer pretended to be a hacker and demanded $2 million in cryptocurrency from his own company — he was exposed due to a VPN malfunction

Related Posts

1000W CPUs Coming in 2025 – Giga Computing Publishes NVIDIA, AMD and Intel Data Center Chip Roadmap

Giga Computing is a subsidiary of Gigabyte, specializing in the market of corporate computing and solutions based on the latest data center architectures. The company presented a…

“Kyivstar” has updated LOVE UA prepaid tariffs — from UAH 190 to UAH 330 in 4 weeks

On May 16, “Kyivstar” launched an updated “patriotic” line of LOVE UA subscription tariffs, which will become the main offer (in the prepaid segment) of the operator…

Google will soon start deleting accounts that have been inactive for 2 years

Google has decided to update the rules governing inactive accounts. The company announced that it will begin deleting accounts that have been inactive for at least two…

Tesla Optimus humanoid robots slowly “walk” through the shops with a Cybertruck and very accurately reproduce human movements.

Tesla has released a new video featuring its Optimus humanoid robots – they walk more confidently, recognize their environment and interact with objects. In general, the robots…

The head of OpenAI, Sam Altman, proposed creating an agency to control AI and issue development licenses

At a US Senate hearing, OpenAI CEO Sam Altman suggested creating an agency to oversee AI models that operate “above a certain level of capability.” The agency…

Musk Says There Would Be No OpenAI and ChatGPT Microsoft Now “Controls” Without Him – Satya Nadella Says That’s “Not So”

Tesla CEO Elon Musk said in an interview with CNBC that he is the reason OpenAI exists, citing his previous investments in the company. “I came up…

Leave a Reply

Your email address will not be published. Required fields are marked *