The hacker group UAC-0050 sent emails claiming to be from Ukrainian government agencies to Polish state authorities, the State Special Communications Service reported on Dec. 8.
Government employees in Poland and Ukraine received emails with subject lines related to "debts" and "legal claims," according to an investigation carried out by the Computer Emergency Response Team of Ukraine (CERT-UA). The emails also contained attachments in the form of password-protected RAR files.
When opened, these files could infect users' computers with RemcosRAT or MeduzaStealer malware.
The emails came from legitimate government accounts that had been compromised, according to CERT-UA. Many of them came from the gov.ua domain.
CERT-UA is reportedly taking measures to localize and counteract the cyber threat.
The UAC-0050 hacker group has previously sent emails impersonating the Security Service of Ukraine (SBU), the Pechersk Court, and Ukrtelecom.
The State Special Communications Service came under new leadership on Dec. 1. Yurii Myronenko was named the new agency head after its previous chief Yurii Shchyhol was dismissed amid charges of embezzlement.