Remcos RAT: Hackers Target Ukrainian Government with Surveillance Tool

A new cyberattack on Ukrainian government institutions was carried out using Remcos, a remote access tool all too familiar to security researchers.

Developed by the German company Breaking Security, Remcos is a potent Remote Access Trojan (RAT). Marketed as a legitimate administrative tool, it can be abused by hackers to gain complete control over infected systems.

In a recent malicious campaign, hackers reportedly sent phishing emails that purported to come from the Security Service of Ukraine (SSU) and carried Remcos RAT attachments disguised as PDF files.

The counterfeit emails demanded information allegedly crucial for the country’s “national security” and carried the aforementioned malware. In the email’s text, hackers warned their victims that they would be held accountable if they failed to provide the necessary information within a specified period. This social engineering tactic is often employed by malefactors to induce anxiety and lower the vigilance of their targets.

The malicious operation is attributed to the UAC-0050 group, active since 2020 and targeting not only Ukraine but also Russia and the Baltic countries. In February, the group launched two attacks on Ukrainian state agencies using the Remcos spyware. In one instance, hackers sent phishing emails masquerading as official requests from a Kyiv court. The aim of the hackers’ latest campaign remains unclear, but experts surmise it likely involves straightforward espionage.

Remcos RAT offers not just remote access but also the capability to harvest data from target devices, including computer information and users’ data. The program can circumvent antivirus protection by operating as a legitimate Windows process, hence its frequent use by hackers for cyber espionage.

In the current geopolitical climate, such cyberattacks serve as a stark reminder of the need to stay calm and vigilant and to scrutinize all information meticulously before taking any action. Malefactors may deliberately exert pressure on their victims by emphasizing the urgency of the situation, yet in reality this is merely a cunning ploy to acquire valuable information.