Merlin
Image: A screenshot from a tutorial on how to use the tool.

Ukrainian state agencies targeted with open-source malware MerlinAgent

Hackers targeted Ukrainian government agencies with a phishing campaign using an open-source program called MerlinAgent, according to the latest research.

In early August, an unidentified threat actor tracked as UAC-0154 sent malicious emails to its targets, purportedly containing security tips from Ukraine's computer emergency response team (CERT-UA).

These emails contained malicious attachments that infected victims' computers with the MerlinAgent tool.

With the tool, attackers could gain remote access to the victim's systems, execute commands, and download or delete files.

MerlinAgent was already used earlier in July to launch attacks on Ukrainian government agencies, according to CERT-UA.

The tool's source code is open and was posted on GitHub by a user with the nickname Russel Van Tuyl. Merlin is a remote-access tool (RAT) that allows users to control and access a targeted computer remotely, typically over the internet.

Russel Van Tuyl said that Merlin was his first attempt at learning the Golang programming language.

According to the developer’s note, the tool was intended to only be used during research and authorized testing.

However, in the ongoing cyber war between Ukraine and Russia, hackers from both countries use simple techniques like phishing and open-source offensive security tools as part of their attacks.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.