The NCCC at the NSDC of Ukraine records the active growth of phishing attacks using the topic of the COVID-19 vaccination in Ukraine

At the beginning of the pandemic, over 18 million COVID-19 phishing messages were recorded worldwide each day. From mid-2020, their numbers gradually decreased, and phishing attacks became more targeted, and their subject matter changed – from the availability of masks and tests to the development of vaccines.

In late January, the National Coordination Center for Cybersecurity at the National Security and Defense Council of Ukraine detected a phishing cyberattack aimed at Ukrainian Internet users, the main topic of which was the launch of the COVID-19 vaccination in Ukraine. During the attack on a popular hosting platform, a fake web page was created to imitate the website of the Ministry of Health of Ukraine. To place the page, the attackers registered several domains that resembled the official domain of the Ministry of Health of Ukraine - moz.gov.ua. This fake page posted information about the mandatory vaccination against COVID-19 starting on January 25 with a proposal to download a file (Word document) with details.

This document contained built-in malicious code (macro) that, when a file is opened, downloads and executes implicitly from the user another malicious script that provides remote control over the infected computer. In such a way, the attackers gained full access to the victim’s computer.

The National Coordination Center for Cybersecurity, together with CSIRT-NBU and CERT-UA, analyzed all stages of the attack and blocked phishing domains. As part of the response, the organizations targeted were informed.

Main indicators:

moz-gov-ua[.]com domain

moz-govua[.]com domain

mozgovua[.]com domain

In case of detecting phishing and fake websites, cyber incidents, please notify the National Coordination Center for Cybersecurity (report@ncscc.gov.ua) immediately.