32/68 Thursday, January 23, 2025
Ukraine’s Computer Emergency Response Team (CERT-UA) has issued a warning about malicious actors impersonating CERT-UA to send fake AnyDesk connection requests. These requests falsely claim to be for cybersecurity inspections. The attackers are using CERT-UA’s logo and fake AnyDesk IDs to deceive targets, employing social engineering techniques to build credibility.
CERT-UA stated that the attacks occur when the attackers obtain the victim’s AnyDesk ID and the AnyDesk software is active on the system. The ID may have been acquired through prior device access or other vulnerabilities. The agency advises only enabling remote access software when necessary, verifying requests through official channels, and reporting any suspicious activity immediately to prevent damage.
At this time, CERT-UA has not confirmed whether these attacks are linked to Russian APT groups such as UAC-0010, UAC-0050, or UAC-0006. Additionally, there is no clear information about the targets of the attacks, which could provide insights into the attackers’ motivations and help identify them in the future.
