Ukrainian military targeted in new phishing attacks in Signal messenger

09.01.2024 06:42

Ukrinform

A Ukrainian communications watchdog has warned of a new type of messages containing malware that the Ukrainian military servicemen have been receiving en masse recently.

In those messages, sent via Signal, soldiers and officers are offered positions in the 3rd Separate Assault Brigade and the Israeli Defense Forces, says the State Service for Special Communications and Information Security, Ukrinform reports.

The CERT-UA computer emergency response team undertook measures to counter the latest coordinated cyberattack, the report reads.

Suspicious activity was first detected by specialists from the U.S.-Japanese company Trendmicro late December, CERT-UA reports. The malicious messages contain archive files, which, if run, infect targeted computers with REMCOSRAT and REVERSESSH malware. At the same time, the attackers try to dupe the recipients through elaborate names of the files, such as "interview with the captive", "geolocation", "coding commands", "callsigns", etc.

CERT-UA adds that, despite the use of publicly available tools (to identify similarities with other attacks), certain features of the activity described in the report forms a separate cluster of cyber threats and is tracked by the UAC-0184 identifier.

As reported, from January 2022 to September 2023, the government computer emergency response team recorded almost 4,000 cyber incidents in Ukraine.