Ukraine warns of new phishing campaign targeting its critical infrastructure

Ukraine alerts about a new phishing campaign threatening critical infrastructure with Cuba Ransomware. Emails impersonate military sources and lead victims to malware, reportedly tied to Tropical Scorpius threat actor.

The Computer Emergency Response Team of Ukraine (CERT-UA) reported the spread of phishing emails targeting critical infrastructure with Cuba Ransomware. The operations are linked to the threat actor ‘Tropical Scorpius’.

As explained by CERT-UA Team, phishing emails impersonated the Press Service of the General Staff of the Armed Forces of Ukraine, enticing recipients to click a link. After clicking on a link, victims are lured to update the PDF Reader software to read the embedded document. Upon clicking the ‘DOWNLOAD’ button, victims are infected with malware known as ‘ROMCOM RAT.’