On August 12, the Ukrainian Computer Emergency Response Team (CERT-UA) discovered a mass distribution of emails containing malicious software posing as a message from the Ukrainian Security Service (SSU).

The emails contain a link to download a file called “Document.zip” that, when clicked, triggers a download of the MSI file. This file launches a malware called ANONVNC that, when opened, allows attackers to gain unauthorized access to a victim’s device.

CERT-UA has identified over 100 affected devices within central and local government agencies and urges everyone to be cautious and vigilant. It advises users to contact CERT-UA if you suspect any activity.

The activity is tracked as UAC-0198 and CERT-UA is taking action to to mitigate the threat.