CERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons Lures
07.08.2025

Ukraine’s CERT-UA warns of UAC-0099 and Gamaredon phishing attacks using custom malware and social lures.
Ukraine’s CERT-UA has sounded the alarm on a fresh wave of cyberattacks, with threat actors UAC-0099 and Gamaredon deploying custom malware through phishing campaigns. These attacks cleverly disguise themselves as court summonses, leveraging social engineering to trick victims.
The malware, delivered via HTA files, is written in C# and is part of a sophisticated attack chain that includes PowerShell scripts and WinRAR exploits. This combo is designed to evade detection and establish a persistent presence on infected systems.

ESET researchers have linked these campaigns to ongoing cyber espionage activities targeting Ukrainian entities. The use of Visual Basic scripts and PowerShell highlights the attackers' preference for leveraging built-in Windows tools to minimize their footprint.
- HTA files deliver C# malware disguised as court summonses.
- PowerShell and WinRAR exploits used for persistence.
- Linked to UAC-0099 and Gamaredon threat actors.
- Targets include Ukrainian organizations.
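
For defenders, the HTA-to-PowerShell chain described above is visible in process-creation telemetry, because HTA files run under `mshta.exe`. The following triage sketch is an added example, not code from the CERT-UA advisory: it assumes Sysmon-style process-creation fields (`Image`, `ParentImage`, `CommandLine`, `ProcessId`), and the path markers, file names and events are constructed for illustration.

```python
import ntpath  # parses Windows paths correctly on any OS

# Script hosts and shells that mshta.exe rarely has a benign reason to start.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# Assumption: user-writable locations where a mailed or unpacked attachment lands.
USER_PATH_MARKERS = ("\\appdata\\local\\temp\\", "\\downloads\\")

def basename(path):
    return ntpath.basename(path or "").lower()

def classify(event):
    """Return the names of the rules a process-creation event matches."""
    hits = []
    image = basename(event.get("Image"))
    parent = basename(event.get("ParentImage"))
    cmd = (event.get("CommandLine") or "").lower()
    # Rule 1: an HTA (hosted by mshta.exe) started a script host or shell.
    if parent == "mshta.exe" and image in SCRIPT_HOSTS:
        hits.append("hta_spawned_script_host")
    # Rule 2: mshta.exe ran an .hta file from a user-writable delivery path.
    if image == "mshta.exe" and ".hta" in cmd and any(m in cmd for m in USER_PATH_MARKERS):
        hits.append("hta_from_user_writable_path")
    return hits

def triage(events):
    """Return (ProcessId, matched rules) for every event that needs review."""
    return [(e["ProcessId"], hits) for e in events if (hits := classify(e))]

# Constructed sample events, not taken from any real incident.
SAMPLE_EVENTS = [
    {"ProcessId": 4100, "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\mshta.exe" "C:\Users\user\Downloads\summons.hta"'},
    {"ProcessId": 4188,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"powershell.exe -NoProfile -File C:\Users\user\AppData\Local\Temp\placeholder.ps1"},
    {"ProcessId": 5020,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "powershell.exe"},
    {"ProcessId": 5100, "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'mshta.exe "C:\Program Files\AdminTool\console.hta"'},
]

if __name__ == "__main__":
    for pid, rules in triage(SAMPLE_EVENTS):
        print(pid, ", ".join(rules))
```

Rule 1 is the higher-confidence signal; rule 2 will also match legitimate HTA tools run from a user profile, so treat it as a lead for review.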
This latest advisory underscores the evolving tactics of cybercriminals, blending technical sophistication with psychological manipulation. Stay vigilant and verify unexpected legal documents.

