UAC-0056 cyberattack on Ukrainian authorities using GraphSteel and GrimPlant malware
released on 2022-03-30 @ 03:12:09 PM
The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) received information about the distribution of e-mails on the topic "Wage arrears" among government agencies of Ukraine. Attached to the e-mail is the document "Wage arrears.xls", which contains legitimate statistics and macros. Hex-encoded data has also been added to the document as an attachment. Once activated, the macro decodes this data, creates the EXE file "Base-Update.exe" on the computer and executes it.
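A defender-side check for the delivery technique described above, as an added example that is not CERT-UA's code: it scans a file's raw bytes for a run of hex text that decodes to a PE image. It assumes the hex digits are stored as one contiguous single-byte text run; the function names and the sample bytes are constructed for illustration.

```python
import re
import struct

# "MZ" is 4D5A in hex text. Require 128 hex digits in total so that the
# decoded data holds a full 64-byte DOS header.
HEX_MZ = re.compile(rb"4[dD]5[aA][0-9a-fA-F]{124,}")


def find_hex_encoded_pe(blob: bytes) -> list[dict]:
    """Report hex-text runs in blob that start with an encoded MZ header."""
    hits = []
    for m in HEX_MZ.finditer(blob):
        run = m.group(0)
        run = run[: len(run) - (len(run) % 2)]  # drop a trailing odd digit
        decoded = bytes.fromhex(run.decode("ascii"))
        # e_lfanew (DOS header offset 0x3C) points at the "PE\0\0" signature.
        e_lfanew = struct.unpack_from("<I", decoded, 0x3C)[0]
        confirmed = decoded[e_lfanew:e_lfanew + 4] == b"PE\0\0"
        hits.append({
            "offset": m.start(),           # where the hex run starts in the file
            "decoded_size": len(decoded),  # bytes the macro would write out
            "pe_signature": confirmed,     # True when the PE header is reachable
        })
    return hits


def constructed_sample() -> bytes:
    """Constructed input: filler bytes around a hex-encoded 72-byte PE stub."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # PE header directly after DOS header
    stub = bytes(dos) + b"PE\0\0" + b"\x4c\x01\x00\x00"
    return b"\xd0\xcf\x11\xe0 sheet data; " + stub.hex().upper().encode() + b" ;more cells"


if __name__ == "__main__":
    for hit in find_hex_encoded_pe(constructed_sample()):
        print(hit)
```

A hit with `pe_signature` set to `False` can still be worth triage, since the run may be truncated or split across several stored strings.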