
CERT-UA Warns of HTA-Delivered Cyber Attacks Targeting Ukrainian Government and Defense Sectors
CERT-UA has warned of cyber attacks by UAC-0099 targeting Ukrainian government and defense sectors. The attacks use phishing emails with malicious HTA files disguised as court summons. These HTA files execute C# scripts to deploy malware like MATCHBOIL and MATCHWOK. HTA files are dangerous as they run with user-level permissions, making them effective for malware delivery. The use of C# scripts adds complexity to detection efforts. The targeting of government and defense entities suggests potential state sponsorship. These attacks highlight the evolving tactics of threat actors, emphasizing the need for robust email security, endpoint protection, and user awareness training. Organizations should monitor for unusual C# script executions and implement systems to detect and block malicious HTA files.
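As an added illustration of the monitoring recommended above (not code from CERT-UA or the original report), the following Python sketch applies three parent/child process rules to process-creation events. The event field names, the process lists, the sample events and the assumption that script-driven C# appears as csc.exe started by a script host are all assumptions made for this example; the report summary does not describe how the C# is executed.

```python
import ntpath

# Assumed process names; tune both sets to the environment.
SCRIPT_HOSTS = {"mshta.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
DELIVERY_PARENTS = {"outlook.exe", "winrar.exe", "7zfm.exe", "explorer.exe"}

# Constructed sample events (field names are assumptions, not a real log schema).
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "image": r"C:\Windows\System32\mshta.exe",
     "command_line": r'mshta.exe "C:\Users\user\AppData\Local\Temp\summons.hta"'},
    {"parent_image": r"C:\Windows\System32\mshta.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -File placeholder.ps1"},
    {"parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "command_line": "csc.exe /noconfig @placeholder.cmdline"},
    {"parent_image": r"C:\BuildTools\MSBuild.exe",  # benign build, must not match
     "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "command_line": "csc.exe /out:app.exe Program.cs"},
]

def _name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()

def flag_events(events):
    """Return (rule, event) pairs for suspicious process-creation events."""
    hits = []
    for ev in events:
        image, parent = _name(ev.get("image")), _name(ev.get("parent_image"))
        cmd = (ev.get("command_line") or "").lower()
        # Rule 1: mshta.exe opening an .hta started from a mail client, archiver or shell.
        if image == "mshta.exe" and ".hta" in cmd and parent in DELIVERY_PARENTS:
            hits.append(("hta_opened_by_user_app", ev))
        # Rule 2: mshta.exe starting any child process.
        if parent == "mshta.exe":
            hits.append(("mshta_spawned_child", ev))
        # Rule 3: C# compiler started by a script host (assumed sign of script-driven C#).
        if image == "csc.exe" and parent in SCRIPT_HOSTS:
            hits.append(("csharp_compiled_by_script_host", ev))
    return hits

if __name__ == "__main__":
    for rule, ev in flag_events(SAMPLE_EVENTS):
        print(rule, "|", ev["command_line"])
```

Rule 3 can also match legitimate administrative scripts that compile C# at run time, so baseline it against normal activity before alerting on it.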