Ukrainian Institutions Under Attack by HATVIBE and CHERRYSPY Malware

Z Patel

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a warning about a spear-phishing campaign targeting a scientific research institution in Ukraine with HATVIBE and CHERRYSPY malware.

CERT-UA has issued a warning about a targeted spear-phishing attack that used HATVIBE and CHERRYSPY malware against a scientific research institution in Ukraine. The attack has been attributed to a threat actor tracked as UAC-0063, which has a history of targeting government entities with the goal of obtaining sensitive data using keyloggers and backdoors.

What’s Happening & Why This Matters

UAC-0063 has been linked to a Russia-affiliated nation-state group, APT28, which has been known under different aliases such as BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422. This group is reportedly connected to Russia’s GRU military intelligence unit.

The attackers used a compromised email account belonging to an employee of the scientific research institution to send phishing messages to numerous recipients. The emails carried a macro-laced Microsoft Word attachment that, once opened with macros enabled, executed an encoded HTML Application (HTA) named HATVIBE. This HTA established persistence on the host and allowed the deployment of a Python backdoor called CHERRYSPY, capable of running remote commands.
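The delivery chain described above (Office document with macros → HTA → Python backdoor) is detectable from process-creation telemetry alone. The following detection logic is an added example, not code from CERT-UA or the article; it assumes the HTA is launched through the Windows HTA host mshta.exe, that the backdoor runs under python.exe or pythonw.exe, and that events carry Sysmon-style ParentImage/Image/CommandLine fields. The sample events are constructed, not real telemetry.

```python
# Added example: flag the Office -> HTA host -> Python process chain described
# in the article. Assumptions: HTAs run via mshta.exe, the backdoor runs under
# python.exe/pythonw.exe, events are Sysmon-like dicts. Sample data is constructed.
from typing import Optional

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
HTA_HOST = "mshta.exe"
PYTHON_HOSTS = {"python.exe", "pythonw.exe"}

# Constructed sample process-creation events (not real telemetry).
EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'mshta.exe "C:\Users\user\AppData\Local\Temp\update.hta"'},
    {"ParentImage": r"C:\Windows\System32\mshta.exe",
     "Image": r"C:\Users\user\AppData\Local\Programs\Python\python.exe",
     "CommandLine": r"python.exe C:\Users\user\AppData\Local\Temp\svc.py"},
    {"ParentImage": r"C:\Windows\explorer.exe",   # benign: user opening a document
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'"WINWORD.EXE" report.docx'},
]


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> Optional[str]:
    """Return a rule name if the event matches a stage of the chain, else None."""
    parent, child = _basename(event["ParentImage"]), _basename(event["Image"])
    if parent in OFFICE_APPS and child == HTA_HOST:
        return "office_spawned_hta_host"      # macro handing off to an HTA
    if parent == HTA_HOST and child in PYTHON_HOSTS:
        return "hta_host_spawned_python"      # HTA launching a Python payload
    return None


def detect(events: list) -> list:
    """Run every event through classify() and return (rule, command line) hits."""
    return [(rule, e["CommandLine"]) for e in events if (rule := classify(e))]


if __name__ == "__main__":
    for rule, cmd in detect(EVENTS):
        print(f"[{rule}] {cmd}")
```

In production the two hits would be correlated by host and time window; either stage on its own is already rare enough on a workstation to merit review.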

CERT-UA has also identified several HATVIBE infections that exploited a known security flaw in HTTP File Server. UAC-0063 is assessed to be affiliated with APT28, the group associated with Russia’s GRU military intelligence unit. CERT-UA has separately detailed a phishing campaign targeting Ukrainian defense enterprises, underscoring the growing threat of cyber espionage in the region.

TF Summary: What’s Next

As cyber threats continue to grow, organizations and individuals must remain vigilant and proactively take measures to protect their data and sensitive information. The attackers’ escalation to sophisticated malware underlines the importance of robust cybersecurity protocols that defend against both latent and targeted attacks. Additionally, ongoing efforts to raise awareness about phishing tactics and to strengthen cybersecurity defenses remain among the best mitigation strategies against such threats.
