The fake PDF attached to the "PURCHASE ORDER 05-30-2023" email contains a link from which you download a tgz file containing a TAR archive, inside which there is an exe: the malware.
Cyber Espionage, Ukraine intelligence identifies the ARMAGEDON hackers
The Security Service of Ukraine (SSU) identified the ARMAGEDON hackers. They are officers of the ‘Crimean’ FSB and traitors who defected to the enemy during the occupation of the peninsula in 2014.
Ukraine cybersecurity experts identified the ARMAGEDON hackers, who carried out over 5,000 cyberattacks against public authorities and critical infrastructure of the country. This was announced by the Ukraine Security Service (SSU). According to the Kiev intelligence, they are officers of the ‘Crimean’ FSB and traitors who defected to the enemy during the occupation of the peninsula in 2014. The SSU has managed to identify the perpetrators’ names, intercept their communications and obtain irrefutable evidence of their involvement in the attacks, even though they used the FSB’s own malicious software and tools to remain anonymous and hidden online. Five members of the group have been notified of suspicion of treason.
The cybersecurity experts: ARMAGEDON carried out over 5,000 cyberattacks and attempted to infect over 1,500 government systems for cyber espionage purposes
The ARMAGEDON hacker group is an FSB special project, which specifically targeted Ukraine. This ‘line of work’ is coordinated by the FSB’s 18th Center (Information Security Center) based in Moscow. Since the Russian aggression in 2014, this unit has carried out over 5,000 cyberattacks and attempted to infect over 1,500 government computer systems. The attackers’ goals were:
- control over critical infrastructure facilities (power plants, heat and water supply systems);
- theft and collection of intelligence, including information with restricted access (related to the security and defence sector and government agencies);
- informational and psychological influence;
- blocking information systems.