Photo: Depositphotos
Kyiv, 28 February 2025 – The Ukrainian government’s Computer Emergency Response Team(CERT-UA) has reported renewed activity of the criminal hacker group UAC-0173, which has targeted Ukrainian notaries to gain access to state registers. The information was made public by the State Service for Special Communications and Information Protection of Ukraine.
How do hackers work?
According to CERT-UA, criminals use targeted phishing attacks by sending emails to notaries with attachments or malicious links. When these files are opened or clicked on, malware is downloaded to the victim’s computer, allowing the attackers to
– Get remote access to the system.
– Steal user credentials.
– Access state registers that may contain confidential information.
– Use infected systems to further spread the attack.
“UAC-0173 acts cautiously and uses social engineering to deceive notaries by creating the appearance of official letters with plausible content,” CERT-UA said.
What is the purpose of the attacks?
The main goal of the criminal group is to gain access to state registers, in particular:
– Registers of real estate ownership.
– Unified registers of legal entities and individual entrepreneurs.
– The State Register of Civil Status Acts.
Gaining access to these databases can allow attackers to exploit them:
– Make illegal changes to the registers.
– Steal or sell personal data.
– Use the information for further fraudulent activities.
Recommendations from CERT-UA
CERT-UA calls on Ukrainian notaries and government agencies to take urgent security measures to prevent potential threats:
1. Do not open suspicious emails, especially those containing attachments or links from unknown senders.
2. Update your anti-virus software and scan your systems for malware.
3. Use two-factor authentication to access state registers.
4. Change passwords for your accounts, especially if you suspect hacking.
5. Regularly back up important data to reduce the impact of potential attacks.
“Protecting access to state registers is a matter of national security. We urge all notaries to observe cyber hygiene and be especially attentive to suspicious messages,” the CERT-UA official statement said.
Who is UAC-0173?
The UAC-0173 group is known for its cyber operations targeting government agencies, legal organisations and financial institutions in Ukraine. This is not the first time they have been active – previously, hackers have tried to attack government services through malware distribution networks.
“UAC-0173 uses social engineering techniques and sophisticated phishing campaigns to infiltrate the networks of government organisations,” cybersecurity experts say.
Cybersecurity in Ukraine: current threats
Ukraine has been a target for cyberattacks for several years now, especially since the beginning of Russia’s full-scale invasion. Government systems, energy companies and infrastructure facilities are often targeted by hacker groups.
CERT-UA emphasises that cyber threats remain high, and the country must be prepared for such attacks.
“Cybersecurity is a shared responsibility. The vigilance of each user can prevent catastrophic consequences for the whole country,” the State Special Communications Service concluded.
