Cyber attack on state organizations of Ukraine using the Operational Command "South" theme and the AgentTesla malware
released on 2022-07-22 @ 12:25:13 PM
The Government Computer Emergency Response Team of Ukraine (CERT-UA) discovered the file "Report_050722_4.ppt", which contains a thumbnail image that mentions the Operational Command "South".
If the document is opened and the macro is activated, the macro creates the files "gksg023ig.lnk" and "sgegkseg23mjl.exe" and executes the LNK file using rundll32.exe, which in turn launches the mentioned EXE file.
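One way to hunt for the chain described above in process-creation telemetry, added here as an example and not taken from the CERT-UA advisory: flag rundll32.exe started with a .lnk argument under an Office ancestor, and list what it spawned. The event records, paths, PIDs and the rundll32 DLL/export are constructed placeholders; only the file names come from the advisory.

```python
import re
from pathlib import PureWindowsPath

OFFICE = {"powerpnt.exe", "winword.exe", "excel.exe"}
LNK_ARG = re.compile(r'[^\s"]+\.lnk\b', re.IGNORECASE)

# Constructed process-creation events (Sysmon Event ID 1 style). Paths, PIDs and
# the rundll32 DLL/export are placeholders; file names are from the advisory.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\POWERPNT.EXE",
     "cmd": r'POWERPNT.EXE "C:\Users\u\Downloads\Report_050722_4.ppt"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r"rundll32.exe PLACEHOLDER.dll,Export C:\Users\u\AppData\gksg023ig.lnk"},
    {"pid": 400, "ppid": 300, "image": r"C:\Users\u\AppData\sgegkseg23mjl.exe",
     "cmd": "sgegkseg23mjl.exe"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": "rundll32.exe printui.dll,PrintUIEntry /?"},  # benign control case
]

def name(path):
    """Lower-cased file name of a Windows path."""
    return PureWindowsPath(path).name.lower()

def office_ancestor(event, by_pid):
    """Return the nearest Office ancestor of event, or None."""
    cur = by_pid.get(event["ppid"])
    for _ in range(len(by_pid)):  # bounded walk: PID reuse can create loops
        if cur is None or name(cur["image"]) in OFFICE:
            return cur
        cur = by_pid.get(cur["ppid"])
    return None

def detect(events):
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if name(e["image"]) != "rundll32.exe":
            continue
        lnk = LNK_ARG.search(e["cmd"])
        office = office_ancestor(e, by_pid)
        if lnk and office:
            children = [name(c["image"]) for c in events if c["ppid"] == e["pid"]]
            alerts.append({"office": name(office["image"]), "lnk": name(lnk.group()),
                           "rundll32_pid": e["pid"], "spawned": children})
    return alerts
```

The rule keys on the behaviour (Office ancestor, rundll32, LNK argument) rather than the file names, so it still fires if the dropped files are renamed.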