In recent months, Ukrainian state agencies have been targeted by a sophisticated phishing campaign. The attackers gained access by sending emails that appeared to be from Ukraine’s security service (SBU).
These emails included a .zip file that, when opened, launched a remote-access malware called ANONVNC. The malware was identified by Ukraine’s Computer Emergency Response Team (CERT-UA) and is based on an open-source tool called MeshAgent.
Since July 2024, over 100 computers, many belonging to state agencies, have been compromised by this malware. The hacker group behind this attack is tracked as UAC-0198, though details about their origins remain unknown. CERT-UA has swiftly implemented measures to minimize the risk of further infections.
MeshAgent can infiltrate systems in a variety of ways, often through email campaigns that contain malicious macros. MeshAgent is linked with another remote management tool: MeshCentral.
July also saw other cyber threats in Ukraine. In one case, cybercriminals set up a fake site mimicking Ukraine’s popular news portal, Ukr.net, to steal personal information and infect users’ systems with malware. This campaign was attributed to a threat actor tracked as UAC-0102.
Around the same time, a suspected Belarusian state-sponsored group named GhostWriter targeted Ukrainian organizations using PicassoLoader malware. The hackers appeared to be interested in financial and economic data, taxation info, and local government reforms.
CERT-UA has taken urgent steps to mitigate further attacks. The broader impact and intention behind these campaigns remain unclear, but the frequent targeting of Ukrainian institutions suggests a focused and ongoing threat.