"Civil Defense" pushes hybrid espionage/influence campaign targeting recruits.
Google researchers said they uncovered a Kremlin-backed operation targeting recruits for the Ukrainian military with information-stealing malware for Windows and Android devices.
The malware, spread primarily through posts on Telegram, came from a persona on that platform known as "Civil Defense." Posts on the @civildefense_com_ua Telegram channel and the accompanying civildefense[.]com.ua website claimed to provide potential conscripts with free software for finding user-sourced locations of Ukrainian military recruiters. In fact, the software, available for both Windows and Android, installed infostealers. Google tracks the Kremlin-aligned threat group as UNC5812.