Today's Core Dump is brought to you by ThreatPerspective

Biz & IT Ars Technica

Kremlin-backed hackers have new Windows and Android malware to foist on Ukrainian foes

"Civil Defense" pushes hybrid espionage/influence campaign targeting recruits.
Google researchers said they uncovered a Kremlin-backed operation targeting recruits for the Ukrainian military with information-stealing malware for Windows and Android devices.

The malware, spread primarily through posts on Telegram, came from a persona on that platform known as "Civil Defense." Posts on the @civildefense_com_ua telegram channel and the accompanying civildefense[.]com.ua website claimed to provide potential conscripts with free software for finding user-sourced locations of Ukrainian military recruiters. In fact, the software, available for both Windows and Android, installed infostealers. Google tracks the Kremlin-aligned threat group as UNC5812.

Dual espionage and influence campaign


"The ultimate aim of the campaign is to have victims navigate to the UNC5812-controlled 'Civil Defense' website, which advertises several different software programs for different operating systems," Google researchers wrote. "When installed, these programs result in the download of various commodity malware families."

Read full article

Comments


Published: 2024-10-28T17:58:54











© Segmentation Fault . All rights reserved.

Privacy | Terms of Use | Contact Us