The Computer Emergency Response Team of Ukraine (CERT-UA) under the SSSCIP warns about a new cyberattack on the critical infrastructure of Ukraine.
Our experts have detected the circulation of emails titled “Повідомлення про несплату податку” (Ukrainian for “Unpaid Tax Notification”), allegedly sent by the “State Tax Service of Ukraine.” These emails contain an archive named “НакладенняШтрафнихСанкцiй.zip” (Ukrainian for “Imposing Penalties”) that holds a docx file of the same name. Opening the file eventually results in the download of the Cobalt Strike Beacon malware. This activity is tracked as UAC-0098.
Another cyberattack has been carried out by distributing a malicious document named “Nuclear Terrorism A Very Real Threat.rtf”. Opening it results in the download and launch of the CredoMap malware. This activity is associated with the APT28 group.