As reported by the government response team to computer emergency events in Ukraine CERT-UA, a grouping associated with the Russian Federal Security Service UAC-0010 (Armageddon ) carries out a new cyber attack As stated in the message, the hackers are sending dangerous emails with the theme "About the action of revenge in Kherson!", which contain attachments in the form of a file "Plan Kherson.htm".

If a person opens the file, a new file is created on the victim's computer - "Herson.rar" with the shortcut "Plan of approach and laying explosives on critical infrastructure facilities in Kherson.lnk". And as an end result, the GammaLoad.PS1v2 malware is downloaded. The UAC-0010 (Armageddon) hacker group is among those that have been actively attacking our country's critical information infrastructure since the beginning of Russia's full-scale military invasion of Ukraine. During cyber attacks, hackers use topics that are painful for Ukrainians. There have also been cases of cyber attacks by this group against EU countries," the State Security Service reported.

The Russian media and pro-Kremlin telegram channels circulated a statement from the Russian Embassy in the United States stating that Russia "was not engaged in cyber aggression. With this statement, the Russian institution tried to argue that Russian hackers attacked the KA-SAT satellite network. Recall that the kink was known back in March 2022. In fact, EU High Representative for Foreign Affairs and Security Policy Josep Borrel reported, that Russia carried out a cyberattack on the KA-SAT satellite network operated by Viasat on February 24, an hour before the full-scale invasion of Ukraine. The attack, he said, caused disruptions in communications between several government agencies, businesses and users in Ukraine, as well as affecting several EU member states.

The Russian embassy's claims that Russia allegedly uses "information and communication technologies exclusively for the benefit of the development of the world community" are blatant lies. Just before the full-scale invasion of Ukraine by Russian troops, according to Microsoft, at least six hacker groups affiliated with the Russian Federation carried out 237 cyber attacks against Ukrainian businesses and government institutions. And in the first month and a half since the full-scale war began, Ukraine has experienced 362 cyber attacks. The Security Service of Ukraine, in its turn, reported, that the Russian special services planned to destroy the entire cyber defense of Ukraine: the night of February 24 saw the largest number of hacker attacks on Ukrainian systems.

Russia's attempts to shift responsibility to the United States, saying that it is America that is "one of the main sources of global cyberthreats" is also a manipulation. After all, Canada's Communications Security Center previously reported, that Russia, China and Iran are responsible for the majority of cyber threats against democratic processes around the world.

According to the Slavyansk City Military and Civil Administration, residents of the community receive a notice that Privatbank, Monobank, and Oschadbank will allegedly charge each user 3,000 UAH in connection with Russia's military aggression. However, this is a fake. The civil-military administration urges people not to click on the links that come in such messages, so as not to get hooked by fraudsters.

Reports that Ukrainians can get back the value added tax they paid are spreading in social networks. In particular in Facebook. Messages of such content appear in the network not for the first time. In a message advertised on Facebook, a page called UA News with stolen branding TSN informs that "every resident of Ukraine can get a refund of value added tax from 7000 to 90 000 hryvnia". And in order to get the money, you need to follow the link and click "get compensation." "Next, you are assured that you are on the official website of the authorized unit for financial protection of the population - EKC PNGK. Probably, you mean the Unified Compensation Center for the Return of Unpaid Monetary Funds, which does not exist in Ukraine! Scammers engage in phishing, because they ask you to specify an email and the last six digits of the bank card number you use most often (!). Of course if you use it often, there is most likely money on it. The purpose of such scheme is to trick you into giving out your personal confidential data. Most likely, having specified this data, the next step is to enter the card expiration date and CVV2 code. Thus, the attackers will get access to all the funds in the account", - write the fact checkers of the project "Brekhunets".

The fraudsters' messages say that allegedly at the link everyone officially working has the opportunity to receive monetary support from the state in the amount of 3000 hryvnias. According to the fact-checkers of "Stop Fake Dnipro" project, the link opens "Privatbank" page, where you have to indicate your card number and CCV code.From what data you enter, we can conclude that the project is fraudulent, which aims to steal money from the cards of people who will register using the link "Neither "Diia", nor Ministry of Digital Transformation send any SMS or messages in social networks. The crediting of funds is reported by the "Action" app and push notification bank, which contains only text - no links," the fact checkers said in a statement.

According to the Ukrainian government emergency response team CERT-UA, acting under the State Service of Special Communication and Information Security, hacker group Armageddon attacks state agencies of Ukraine with dangerous e-mails with the subject line "¹ 1275 of 07.04.2022". The emails contain an HTML file, which, when opened, creates an archive on the computer with a file called "On the facts of persecution and murder of Prosecutor's Office employees by the Russian military in the temporarily occupied territories.lnk". If opened, hackers can gain full control over the computer and steal confidential information or damage data and computer systems. Read more.

According to the State Service of Special Communications and Information Protection, the attackers use painful for Ukrainians topics, in particular, "parasitize" on information about personal data of the Russians who committed war crimes.

It is reported that Russian hackers send such emails, in particular, to the emails of state bodies of Ukraine. The dangerous e-mails contain an HTML file "Military criminals of the Russian Federation.htm", the opening of which will lead to the creation of a RAR-archive "Viyskovi_zlochinci_RU.rar" on the computer. According to the State Service for Special Communications and Information Protection, the archive contains a shortcut file "Military criminals destroying Ukraine (home addresses, photos, phone numbers, pages in social networks).lnk".

The State Service of Special Communication and Information Protection warns that opening the letter will lead to the fact that the attackers will gain remote access to the victim's computer. The activity is associated with the activities of the group UAC-0010 (Armageddon).

Social networks spread manipulative messages that the mailing from "Ukraine" with a link to mywar.mkip.gov.ua is a phishing attack. "Do not open, delete this in order to obtain data", the purpose of the mailing is "to obtain data (contacts and chats in messengers)" - said in messages that were distributed to Ukrainians in social networks. In fact, the Ukraine account, from which the mailing is performed, belongs to the State Service for Special Communications and Information Protection. The website mywar.mkip.gov.ua was created by the Ministry of Culture and Information Policy of Ukraine so that citizens could tell their war stories to the world.

This was reported by the British edition of The Times, citing "internal documents of the Security Service of Ukraine. SBU spokesman Artem Dekhtiarenko denied the information: The SBU did not provide the media with any official information about cyberattacks from China and has nothing to do with the conclusions made public in the British publication. The State Service for Special Communications and Protection of Ukraine notes that cyber attacks on state information systems and critical information infrastructure facilities in Ukraine are carried out by Russian and pro-Russian hackers.

The video, in which Ukrainian President Volodymyr Zelensky talks about how difficult it is to run the country and announces Ukraine's capitulation to the war with Russia, is a deep fake. Before the video appeared online, hackers hacked a news feed on Ukraine 24 and released the same fake message allegedly from President Volodymyr Zelensky about the "surrender." Instead, the president recorded a video address, calling the fake a "childish provocation," urging Russians to lay their arms down.

Volodymyr Zelensky did not record a video urging Ukrainians to surrender. Earlier, the SBU warned Ukrainians that Russian propaganda was preparing similar deep fakes, on which Zelensky would call on the Ukrainian army to lay down its arms.

On March 16, hackers broke the news feed on Ukraine 24 TV channel and published a fake report allegedly from President Volodymyr Zelensky about the "surrender". Instead, the president recorded a video address, calling the fake a "childish provocation" and urging Russians to lay down their arms.

Read more

The NBU notes that they do not send such letters, and the messages received by people contain payment details of fraudsters.

“The National Bank of Ukraine urges citizens to be vigilant and careful in the information space. Please note that the National Bank does not send letters to citizens by e-mail. All information on financial assistance in support of the Armed Forces of Ukraine and humanitarian purposes is published exclusively through the official channels of the National Bank—on the official website page and social networks of the NBU," says the statement.

Russian propagandists have been spreading such information on social networks since the beginning of March. Allegedly, due to the hacker attack, "755 websites of the Ukrainian authorities" were hacked, and "the entire government Internet" stopped working.

According to VoxCheck, these are sites with the domain gov.ua. "Some posts include screenshots of several such sites, which now display calls for the Ukrainian military to "lay down their arms," as well as fake appeals on behalf of Volodymyr Zelensky that he allegedly signed a peace treaty with Russia," VoxCheck writes. However, all this is fake. According to fact-checkers, hackers hacked only specific sites of regional authorities. Read more

Minister of Digital Transformation Mykhailo Fedorov said that the Russian FSB, under the guise of the Security Service of Ukraine, sends phishing letters of non-existent evacuation. The letters contain links to files of an indeterminate nature. Under no circumstances should you follow links, open attachments, or install anything.