Overview
CERT-UA reports sophisticated social engineering attacks in which fake AnyDesk connection requests are used to conduct fraudulent security audits. Official verification protocols are in place for legitimate remote access requests. The attack only works if AnyDesk is already installed on the target machine and the attacker knows the target's AnyDesk identifier.
Who Should Be Concerned
- IT Security Teams
- System Administrators
- Ukrainian Government Agencies
- Critical Infrastructure Operators
Key Findings
- Over 1,042 cyber incidents detected in Ukraine during 2024
- 75% of incidents successfully categorized as malicious code and intrusion attempts
- Three major threat clusters identified:
  * UAC-0010 (277 incidents)
  * UAC-0050 (99 incidents)
  * UAC-0006 (174 incidents)
Risk Analysis
- Attack Prerequisites:
  * AnyDesk software installation
  * Valid identifier acquisition
  * User interaction/approval
- Threat Actors: Unknown groups impersonating CERT-UA
- Impact Potential: Complete system compromise
Action Items
- Enable remote access tools only when needed
- Implement official channel verification
- Establish formal audit communication protocols
- Monitor for unauthorized remote access attempts
- Train staff on social engineering awareness
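One way to act on the verification and monitoring items above, as an added example that is not from CERT-UA or the source article: a Python check that compares incoming AnyDesk sessions against a register of audits confirmed through an official channel. The log line layout (modelled on AnyDesk's connection_trace.txt), the IDs and the approval register are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Assumed layout of an AnyDesk connection_trace.txt line (verify on your version):
# direction, "YYYY-MM-DD, HH:MM", auth result, remote ID, remote alias
LINE_RE = re.compile(
    r"^(Incoming|Outgoing)\s+(\d{4}-\d{2}-\d{2}), (\d{2}:\d{2})\s+(\S+)\s+(\d+)\s+(\S+)\s*$"
)

def parse_trace(text):
    """Yield (time, auth_result, remote_id) for each incoming connection line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(1) == "Incoming":
            when = datetime.strptime(f"{m.group(2)} {m.group(3)}", "%Y-%m-%d %H:%M")
            yield when, m.group(4), m.group(5)

def classify(text, approved):
    """approved: (remote_id, start, end) windows confirmed via an official channel."""
    findings = []
    for when, auth, rid in parse_trace(text):
        ok = any(rid == a_id and start <= when <= end for a_id, start, end in approved)
        if ok:
            verdict = "approved"
        elif auth == "REJECTED":
            verdict = "unapproved-attempt"  # request was declined, still worth reporting
        else:
            verdict = "unapproved-session"  # someone accepted an unverified request
        findings.append((when.isoformat(sep=" ", timespec="minutes"), rid, verdict))
    return findings

# Constructed sample data: IDs, times and the approval window are made up.
SAMPLE_TRACE = """\
Incoming    2025-01-20, 09:05    User        111222333    111222333
Incoming    2025-01-20, 14:40    REJECTED    444555666    444555666
Incoming    2025-01-21, 02:17    User        444555666    444555666
Outgoing    2025-01-21, 08:00    User        777888999    777888999
"""
APPROVED = [("111222333", datetime(2025, 1, 20, 9, 0), datetime(2025, 1, 20, 11, 0))]

if __name__ == "__main__":
    for row in classify(SAMPLE_TRACE, APPROVED):
        print(*row, sep="  ")
```

An "unapproved-session" result means a user accepted a request that has no matching entry in the register and should be handled as a potential compromise; an "unapproved-attempt" is a declined request that is still worth reporting.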
Sources
- [The Hacker News](https://thehackernews.com/2025/01/cert-ua-warns-of-cyber-scams-using-fake.html)