Russian hackers target Ukrainian military mobile devices via Telegram and Signal messenger apps
Wednesday, 15 May 2024, 13:44
Hackers linked to Russian intelligence services actively utilised messaging platforms like Telegram and Signal, as well as social engineering, in the second half of 2023 to spread malicious software.
Source: the Russian Cyber Operations analytical report, as reported by the press office of the State Special Communications Service of Ukraine
Hackers are utilising spyware disguised as installers of verified programs, such as the Kropyva situational awareness system.
Advertisement:
Other notable features from attacks on mobile devices include:
- Spread of malware through Signal and Telegram: perpetrators used these messengers to disseminate malicious files, disguising them as cybersecurity instructions from CERT-UA.
- Rapid reaction and adaptation: hackers quickly responded to new defence methods and developed new attack vectors.
- Targeting Windows software: most attacks via messengers aimed to spread malicious software for Windows, as many military personnel use computer versions of messengers.
- Use of decoy files: perpetrators distributed malicious programs in the form of ZIP or RAR archives, disguising them as updates to Delta situational awareness complex certificates.
The State Special Communications Service urges Ukrainian military personnel to remain vigilant and adhere to the following recommendations:
Advertisement:
- Do not download files from unknown sources, even if they come from familiar individuals.
- Do not open links in suspicious messages.
- Keep your device's operating system and software updated.
- Use strong passwords and avoid using the same password for different accounts.
Support UP or become our patron!