Attackers have been found impersonating the Computer Emergency Response Team of Ukraine (CERT-UA) through the use of AnyDesk in order to gain unauthorized access to target computers. According to a statement released by CERT-UA on Friday, individuals have been sending connection requests via AnyDesk under the guise of performing a “security audit to verify the level of protection.” These requests bear the name “CERT.UA,” the CERT-UA logo, and the AnyDesk ID “1518341498” (although this ID may vary).
The attackers are relying on the unsuspecting nature of their targets, hoping that individuals working on the target computers will accept these requests without question. CERT-UA has highlighted that this tactic represents a form of social engineering, where attackers manipulate individuals into trusting them based on false authority.
For an attacker to send a connection request, they must have knowledge of the target’s AnyDesk ID, and the remote access software must be active on the target’s device. It is suspected that attackers may have obtained the targets’ AnyDesk IDs through compromising other computers where such access was previously authorized.
Remote access tools like AnyDesk are commonly exploited by attackers to gain entry into target systems. While the national CERT of Ukraine also utilizes remote access tools to support users in managing cyber incidents, they emphasize that all interventions are arranged through pre-approved communication channels. Thus, any unsolicited connection request should raise red flags for potential targets.
The specific identities of the targets – whether they are government employees, corporate workers, or private individuals – have not been disclosed by the CERT-UA team. Nonetheless, they have urged anyone who receives such a suspicious connection request to report it to the relevant cyber protection units or CERT-UA for further investigation.
It is essential for individuals and organizations to remain vigilant against these types of phishing attempts and to exercise caution when receiving unexpected connection requests, even if they appear to come from a reputable source like CERT-UA. By staying informed and following cybersecurity best practices, users can better protect themselves and prevent unauthorized access to their systems.