The spearphishing emails are being sent from two domains (i[.]ua-passport[.
]space and id[.]bigmir[.]space).
Below is an example of the malicious email:
Dear user!
Your contact information or not you are a spam bot.
c’mon, tap the link below and verify your contact information.
Otherwise, your account will be irretrievably deleted.
Thank you for your understanding.
Later, the attackers use contact details from the victims address book to send the phishing emails.
In November 2021, U.S. cybersecurity firm Mandiant had formally linked the UNC1151 group to the Belarusian government.
It has cautioned its citizens against opening such malicious content.
A phishing#attackhas started against Ukrainians!
Citizens' e-mail addresses receive letters with attached files of uncertain nature.
source: www.techworm.net
