Security Service of Ukraine Details
Kyiv • 30000 employees • Ukraine
Security Incidents: 1
The **Security Service of Ukraine (SBU)** (Ukrainian: Служба безпеки України, SBU) is the principal internal security agency in Ukraine, responsible for tasks related to counter-intelligence, combating terrorism, and preventing organized crime. Established in September 1991, following Ukraine's declaration of independence from the Soviet Union, the SBU has since been an integral part of the country's national security framework.
Throughout its history, the SBU has been actively engaged in a variety of intelligence and security operations intended to protect national sovereignty and internal s...
Security Incidents
Security Service of Ukraine Breach of Aug 2024
Severity Score
Significant to High
Type
Malware Attack
Summary
On August 12, 2024, the Computer Emergency Response Team of Ukraine (CERT-UA) identified that over 100 Ukrainian state and local government computers were compromised in a phishing campaign exploiting trust in the Security Service of Ukraine (SBU). The attack involved emails that seemed to originate from the SBU, which contained a link to download a zip file named “Documents.zip”. Clicking the link resulted in the download of a Microsoft Software Installer (MSI) file, specifically crafted to contain the malware ANONVNC, also known as MeshAgent.
MeshAgent is a remote management tool designed f...
Severity
In August 2024, a phishing campaign exploiting trust in the Security Service of Ukraine (SBU) led to the compromise of over 100 state and local government computers. The attackers misused a legitimate remote management tool, ANONVNC (or MeshAgent), to gain covert remote access to these systems, posing significant risks to internal company and government data.
The malware's operation under highly privileged accounts and its use of standard ports for communication made detection and mitigation challenging. While the immediate impact involved unauthorized remote control capabilities, the potent...
Impact
In August 2024, a phishing campaign exploiting trust in the Security Service of Ukraine (SBU) led to the compromise of over 100 state and local government computers. The attackers distributed malware known as ANONVNC, or MeshAgent, which is a legitimate remote management tool but was misused to grant the attackers covert remote access to the systems. While the attack did not directly target customer data, the unauthorized remote access facilitated by the malware posed significant risks to internal company and government data.
The malware's ability to operate under highly privileged accounts a...