Ukraine's government computer emergency response team CERT-UA, which operates under the State Service of Special Communications and Information Protection of Ukraine, reported a new cyber attack: massive sending of emails with the topics "Information Bulletin" and "Combat Order."

They are supposedly sent to private email addresses from the National Academy of the Security Service of Ukraine. Opening the attachments in the emails will lead to the launch of the malicious program GammaLoad.PS1_v2 on the computer and, as a result, data theft. The attack is associated with the Russian FSB hacker group Armageddon (UAC-0010).

The Russians distributed the fake information as a copy of a printed document entitled "Urgent notice regarding probable missile strikes soon on the territory of Ukraine." It is a fake. As the company reports, "it is a fake, a throw-in and just a clumsy discredit aimed at taking revenge on Molfar for their work for Ukraine." The information in the fake document is presented "in the style of a cabinet order of the power structure, where decision-making depends on seals and signatures." This style of formulating texts is not characteristic of Molfar researchers. Fact-checkers point out that they do not have insider information about missile attacks, and it is impossible to predict missile flight routes based on OSINT analytics. The logo of the Molfar brewery was also used in the fake document. The company urges us to verify the information and not to believe fakes. More details.

In the messages received on social networks supposedly on behalf of the SSU, it is said that "new rules of communication are appearing in Ukraine - all calls will be recorded, and all messengers will be monitored."

It is not true, and the SSU does not send such letters to users. According to the Center for Combating Disinformation, the disinformation campaign of the occupiers aims to discredit the country's leadership, as well as psychological pressure on the people.

The fake that in wartime all calls of Ukrainians will be listened to is not new. Such information has been circulating since the first weeks of the full-scale invasion, but there is no official confirmation of this data. In official departments, the report was denied every time.

As reported by TAVR Media, the largest radio holding in Ukraine. Ukrainian radio stations broadcast an urgent announcement that the President of Ukraine, Volodymyr Zelensky, was in intensive care and was in serious condition.

This information is fake, and Russian hackers hacked the radio stations' broadcasts. "Today, there was a cyber attack on the servers and networks of TAVR Media radio stations. Now the relevant services are working on solving this problem," said the report.

The Government Computer Emergency Response Team of Ukraine, CERT-UA, has warned of a new cyber attack in which criminals are sending the file "Report_050722_4.ppt", which contains a thumbnail image that mentions the operational command "South." If you open the document, it will open the AgentTesla malware on your computer and steal your information. CERT-UA noted that the attack could be directed against state organizations in Ukraine.    

The Center for Combating Disinformation reports that recently, the enemy has been sending out messages that "from July 19 to 21, mass rocket attacks are planned" in some cities of Ukraine, and "from the side of Belarus, sabotage groups will advance up to 15-20 kilometers through the territory of Ukraine to distract our troops in other directions".

In this way, the enemy uses a manipulative appeal to an "anonymous authority" because they send supposedly "insider" information from a "reliable source somewhere in the department" to influence Ukrainians. As noted in the Center, since the beginning of the full-scale war, there has been a high probability of missile attacks throughout the territory of Ukraine.

Therefore, you should not ignore air warning signals and must immediately go to the nearest shelter.

The Center for Combating Disinformation has updated the list of Telegram channels that spread Russian disinformation under the guise of Ukrainian ones. In July, six channels were added to the list, including "Ukrainian Format" and "Ukraine Novosti."

On Facebook, messages about a fake raffle from the "ATB" supermarket chain were spread, supposedly for the 29th anniversary of the chain for residents of Volyn.

The participants of the so-called raffle were promised several HP laptops and iPhone 13. Fact-checkers of the Brekhunets project discovered another fraudulent scheme.

Fraudsters offered everyone to register to participate in the draw through a special form. Moreover, you need to select "free gift card" and download a document with unknown content, probably a virus or other software tweaks that attackers use to gain remote access to personal devices and their information.

The information about the fake raffle was denied on the official Facebook page of the "ATB" trade network. "ATB" representatives call for vigilance and attention, not to participate in fraudulent promotions, and advise to look for trustworthy information about promotional offers on the company's official website and official pages on social networks.

Previously, we wrote about a fraudulent scheme that allegedly guaranteed Volyn residents payments of UAH 9,800 from the European Union, but instead, criminals tried to steal bank card data.

According to the State Intelligence Service, the public authorities of Ukraine received new dangerous letters with the subject "Specialized prosecutor's office in the military and defense sphere. Information about the availability of vacancies and their staffing". According to the department, the letters have an attachment in the form of an XLS document containing a macro, the activation of which will lead to the creation and launch of the "write.exe" file on the computer. It may cause the device to be damaged by Cobalt Strike Beacon. The State Intelligence Service associates the activity with the work of the UAC-0056 group, which was already involved in cyberattacks in Ukraine in April and March.    

The Twitter social network created a fake page of the Commander-in-Chief Armed Forces of Ukraine, Valery Zaluzhny. The General Staff of the Armed Forces reported that Zaluzhny does not have an official Twitter page.    

The fake message about social benefits to all Ukrainians with the support of European Union countries is being distributed on the Facebook social network. Fraudulent advertising was spread specifically to the Volyn region.

According to the Brekhunets, two versions of the fake were distributed this time. In the first option, they promised a refund of VAT for the last three years per Resolution 28-9329k. In the second case, each citizen was pledged to the payment of 9,800 hryvnias using a manipulative clip of a video with Volodymyr Zelensky. Next, using the link, you need to enter the bank card's last name, first name, and last six digits. Remember that the card number, CVV code, or PIN code are personal data that cannot be disclosed to anyone, not even bank employees. Resolution 28-9329k, which the authors of the messages refer to, does not exist at all. Using a reference to a non-existent document gives the impression that the offer has legal force. People write that they have been paid different amounts on the fraudulent page in the comments. Still, the state constantly clearly regulates the amounts of funds that are paid out as financial assistance to different categories of citizens. All these signs point to fraud. The goal of fraudsters is to steal card data to gain access to the personal funds of their owners. Previously, we wrote about how fraudsters offered payments from the EU using the fake page of Lesya Nikityuk or provided compensation for VAT refunds in the amount of 7-9 thousand hryvnias, etc.    

On July 2, the Russian media spread another fake about the fact that the Chief of the General Staff of Russia, Valery Gerasimov, visited the Russian occupiers' positions in Ukraine to check Russian troops' formation. Some Ukrainian online publications concerning the Russian agency "Ria Novosti" also published this "news."

There is no confirmation of it. The Ministry of Defense of Russia showed a clip edited from a photo about the general's visit, but in reality, they showed photos from two months ago.

The images used for the video about Gerasimov are dated May 5, and the "Nightingale Pomet" channel reports concerning the video metadata of the "Zirka" channel.

The cyber police reported that they exposed a group of nine criminals who, under the guise of social security payments from the EU, gained access to the bank data of more than five thousand Ukrainians. According to law enforcement officials, 100 million hryvnias were stolen from Ukrainians under this scheme. "Nine people created over 400 fake web resources to obtain citizens' banking data. Through the websites, Ukrainians were offered to form an application for the payment of financial assistance from the countries of the European Union. Hackers took surveys and entered bank card details using phishing links. After receiving the data, the attackers made an unauthorized intervention in online banking and withdrew money from the accounts," said the cyber police.

In Saint Petersburg, a vacancy for an actor for mass shooting in the previously occupied territory of Donetsk and Luhansk regions was advertised. As StratCom of the ZSU writes in a telegram, this is how they recruit "local witnesses to the atrocities of the damned Ukrainian fascists." Payment for filming - 1,300 rubles (almost $24), travel to the so-called "DPR" and "LPR," "we will shoot there."

According to the Center for Combating Disinformation at the NSDC, the occupiers are trying to collect personal data of Ukrainians. According to Viktor Andrusiv, adviser to the Minister of Internal Affairs of Ukraine, the Russian special services created the spektr_robot bot for this purpose.

The Center warns not to use it to protect yourself and provides blocking instructions: you need to enter the name of the bot in the Telegram search bar; go to the settings of the specified bot (without clicking "start"); choose to "complain about" the illegal storage and use of personal data and the use of said data by the occupation authorities of the Russian Federation in the occupied territory of Ukraine against civilians. "We also advise you to send information about the spektr_robot bot to the Cyber ​​Police of Ukraine using the Telegram bot StopRussia | MRIYA @stopdrugsbot," said the Center's message.

Fake accounts spread on social networks that, despite the situation in Ukraine, the hotel administration wants to give guests a happy summer vacation. "Payment can be made both in rubles and in hryvnias. Our position is neutral; we do not choose either side. We are for peace and summer vacation by the sea," the swindlers wrote online. Earlier, similar ads could be found for the Crimean hotels of this chain.

According to the journalist Andriy Tsaplienko, the Russian occupiers are distributing a fake newspaper about the "lost Zaporizhzhia region," which allegedly quotes the Commander-in-Chief of the Armed Forces of Ukraine, Valeriy Zaluzhny. The newspaper claims that the article alleges that Ukraine allegedly "lost the Zaporizhzhia region" because it "used its reserves to defend Azovstal."

On Facebook, the attackers launched an old fraudulent scheme of alleged "compensation for VAT paid," which now was combined with "assistance from EU countries." This advertisement is promoted on Facebook, using the Ukraine 24 TV channel logo. The message is illustrated by a photo of Volodymyr Zelensky with the "signed decree" captions and "urgent check of cards for payments to each citizen from UAH 9,800" to draw attention to the information in it. The post's description states that "Ukrainians will receive financial assistance from EU countries" and about "VAT refunds for the last three years." To receive "compensation," social network users are offered to go to a third-party site, where they are asked to provide all the card data, they say "for verification." With this card information, attackers will appropriate all the money in the account. A similar scheme was distributed in 2021 when photos of the host of "1 + 1" Alla Mazur were used.

On the day of Russia, the propaganda media published a lot of news about the celebration of this date in the so-called "LPR," including a rally in the occupied part of the region. According to the propagandists, all this should have convinced the audience of Russia's support for the local population. But the fact-checkers from Russia received evidence that in the column of cars that went under the flags of the invader, there were cars with Crimean license plates, from Chuvashia, from other regions of Russia. They suggest that most of them belong to the Russian military. And in the column was an ambulance, which the occupiers seized from Ukrainian medics - and did not even stick the inscription on it in Ukrainian.

The Security Service of Ukraine has exposed such fraudsters in Zaporizhzhia, said SSU spokesman Artem Dekhtyarenko.

They demanded a separate fee for their "services." Prices varied and, in most cases, depended on the emotional state of relatives.

Among the pseudo-services offered by fraudsters:

- a telephone conversation with a prisoner, for which they asked from 10 to 50 thousand hryvnias;

- release from captivity, which was estimated at 50 to 200 thousand hryvnias;

- transportation of the deceased's body - up to 10 thousand hryvnias.

"Of course, the attackers could not fulfill any of these mythical promises. And after receiving the money that was sent to them online, they just disappeared. The fraudsters monitored the Internet, where they collected data on missing Ukrainian soldiers and their families to make their words credible. The organizer of the scheme was a man currently in the temporarily occupied Mariupol. He was recently released from prison. In addition, in Zaporizhzhia, he had an associate who was responsible for the financial component and provided mobile calls, constantly changing numbers and operators. SSU special forces detained her, " Artem Dekhtyarenko said.

According to Dekhtyarenko, during the search of the suspect, in particular, the following were seized:

- Computer equipment with evidence of illegal activity;

- A large number of mobile phones and SIM cards;

- Bank cards for receiving payments; - A quarter of a million hryvnias in cash.

The Security Service draws attention to the fact that the issue of releasing prisoners of war is within the exclusive competence of public authorities.

Suppose you or your acquaintances find yourself in a situation where unknown people demand money for the "release" of a relative from captivity. In that case, you should immediately contact the Joint Center for Search and Release of Prisoners:

+38 067 650-83-32

+38 098 087-36-01

It was announced on the Polish Radio by the Speaker of the Minister-Coordinator of Special Services, Stanislaw Zharyn.

"Russian propagandists and experts promoting pro-Russian theses are frequent visitors to Italian news and journalism programs that comment on the 'special operation in Ukraine' and spread Kremlin propaganda. There are even allegations that the Italian media has become Russia's "disinformation bridgehead in the West," Zharyn said. He also added that since the beginning of the full-scale Russian aggression against Ukraine, Russian politicians and propagandists had left virtually no Italian programs on public and private channels. "They appear in the most popular interviews and talk shows in the country of entertainment, where viewers applaud the guests," says Zharyn. He also believes that although the Italian media maintains a balance, this position equates propaganda with facts.

Messages with such a thesis are spread in the Volyn segment of Facebook. "Officially! All citizens of Ukraine will receive cash payments! The amount depends on the area of ​​residence ", - it is said in the messages distributed on Facebook. In particular, such a post was published in the group "Tereveni pro VolynUA." However, this is not true.

According to the journalists of the fact-checking project "Brekhunets," there is no program in Ukraine under which all citizens, without exception, receive cash benefits. As in the pre-war period, certain vulnerable categories of the population receive social assistance. As for cash payments due to the Russian invasion, only internally displaced persons can claim these funds. New rules came into force in May to help people who had fled their homes due to the war. Only Ukrainians from certain regions approved by the government are entitled to cash benefits. Read more.

According to the Department of Strategic Communications of the Armed Forces of Ukraine, the enemy is trying to sow panic among residents of Ukrainian cities who have been liberated from occupation. "We have sent out text messages about the possible re-attack of the aggressor in the Kyiv region. Do not succumb to provocations! The Armed Forces of Ukraine are closely monitoring the actions of the Russian army at the borders, control the situation, and are always ready to meet again with the Russian occupiers." reported the administration.

According to the regional state administration, the fraudsters tried to extort funds "from the Armed Forces of Ukraine."

"It became known about the letters on fundraising for the Armed Forces of Ukraine, which are received by entrepreneurs in Volyn allegedly on behalf of the Volyn Regional State Administration. Be careful! These are scammers. The Volyn Regional State Administration did not send such letters, " said in the statement. According to the fact-checking project "Brekhunets," the regional state administration's economic department told them that several entrepreneurs had applied to the regional state administration with such a problem. As it turned out, fraudsters sent many similar letters.

 The General Staff of the Armed Forces of Ukraine has warned that Russia's special services are trying to intimidate the Ukrainian military by sending SMS, telegram, Viber, Signal, and WhatsApp messages to personal numbers threatening to break an oath, give up, surrender or side with the enemy. The General Staff of the Armed Forces of Ukraine explained that these threats are aimed primarily at morally destabilizing units of the Defense Forces of Ukraine, sowing doubts and reducing morale. "Threats of personal data (surname and name of the person, taxpayer's code, place of registration and, sometimes, data on the number and composition of the family) are increasing," the General Staff of the Armed Forces said. - The text of the threats refers to the alleged exact location of the person who received the message; it is noted that, in case of continuation of service, missile strikes will be fired at the exact residence of the telephone owner and his family. " At the same time, the personal data in these reports are usually outdated (the person has already changed the place of registration, moved to another location, changed the military unit, etc.).