Sunday, May 19, 2024

CrescentImp Malware Targets Ukraine’s Media Organisations


Things remain difficult for war-torn Ukraine, and the situation is severe. As its struggle against Russia approaches its 100th day, a new cyber threat has arrived at its doorstep.


Ukraine’s CERT has issued a malware alert.

The CERT-UA has supplied information regarding a new malware campaign that is primarily targeting Ukrainian media organisations.

The goal of the hackers is to use the recently discovered Follina vulnerability (CVE-2022-30190) to infect victims’ computers with CrescentImp malware.

What harm may CrescentImp cause you?

CrescentImp malware can collect valuable information from affected computers and provide its controllers with a backdoor via which they can download further malware.

CERT-UA, which is tracking this malicious campaign as UAC-0113, attributes it with medium confidence to the Russia-linked Sandworm advanced persistent threat group.

Who are the intended victims?

The campaign targets Ukrainian radio stations, newspapers, news agencies, and other media outlets, and uses malicious emails with a document attached.

What is the mechanism of infection?

CVE-2022-30190 affects the Microsoft Windows Support Diagnostic Tool (MSDT). It lets a remote attacker run arbitrary shell commands on the target machine.

When a victim opens the page, JavaScript code is executed and an HTML file is downloaded to the victim’s workstation.

The CrescentImp malware EXE file called “2.txt” is downloaded and launched by the code.

Because this malware is still in its early stages, determining its capabilities is challenging. According to the CERT-UA team, the campaign targeted over 500 email addresses.
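A defender's triage check for the chain described above, as an added example that is not from CERT-UA or the original article: it flags msdt.exe started by an Office application, and payloads like the "2.txt" executable whose extension hides a PE image. The event fields, file paths, function names and sample data are constructed assumptions.

```python
import ntpath
import struct

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
EXEC_EXTS = {".exe", ".com", ".scr"}

def looks_like_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def flag_events(events):
    """Return (event id, reason) pairs for process-creation events worth triage."""
    hits = []
    for ev in events:
        image = ntpath.basename(ev["image"]).lower()
        parent = ntpath.basename(ev["parent"]).lower()
        if image == "msdt.exe" and parent in OFFICE_PARENTS:
            hits.append((ev["id"], "msdt.exe started by an Office application"))
        if ntpath.splitext(image)[1] not in EXEC_EXTS:
            hits.append((ev["id"], "process image lacks an executable extension"))
    return hits

def flag_disguised_files(files):
    """Return names of files with a non-executable extension that contain a PE image."""
    return [name for name, data in files.items()
            if ntpath.splitext(name.lower())[1] not in EXEC_EXTS and looks_like_pe(data)]

# Constructed process-creation events (not taken from the CERT-UA alert).
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
SAMPLE_EVENTS = [
    {"id": 1, "parent": r"C:\Windows\explorer.exe", "image": WORD},
    {"id": 2, "parent": WORD, "image": r"C:\Windows\System32\msdt.exe"},
    {"id": 3, "parent": r"C:\Windows\System32\cmd.exe", "image": r"C:\Users\Public\2.txt"},
    {"id": 4, "parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\msdt.exe"},
]
# Constructed minimal PE prefix: MZ header, e_lfanew = 0x40, then the PE signature.
PE_STUB = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
```

Event 4, a troubleshooter started from the shell, is deliberately left unflagged so the parent-process rule does not fire on ordinary MSDT use.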

Have there been any other assaults like this?

Earlier this month, the researchers discovered a malicious operation that infected Ukrainian government entities’ networks with the Cobalt Strike Beacon malware by exploiting two Windows zero-day vulnerabilities, including CVE-2022-30190.



Normal life in Ukraine has taken a significant battering after more than three months of war, and malware assaults like CrescentImp will only add to the country’s struggle to remain afloat in the face of Russia’s persistent onslaught.

