What is known
The large-scale campaign was discovered by Ukraine's government computer emergency response team, CERT-UA. It was the first to report the increased activity of the group, which is tracked under the designation UAC-0184.
The attackers reportedly use popular messaging programs, social networks and other platforms to make contact and communicate with targets in order to spread malicious programs.
Their methods include:
- Requests to get acquainted and to be added as a friend.
- Accompanying fake messages, for example about the opening of an enforcement action or criminal case, or video of combat actions.
- Files (archives) accompanied by requests for assistance in opening or processing them.
As a result, malware is installed on the computer and uploads data, including messages and contacts from the Signal messenger, to the hackers' servers. Signal is the main place of communication in the army.
Attackers will continue to improve their methods of delivering malware through instant messaging programs. Any careless online activity by a military member (for example, posting a photo in a military uniform) makes it easier for attackers to identify priority targets for attacks.
– Government Private Communications reminds.
Although we do not know the exact name of the hacking group or the names of the cybercriminals, it would not be wrong to assume that Russia is behind this operation. One of the most dangerous hacking assets is called Sandworm. It operates as part of Russian intelligence and performs some of the most difficult missions for the invaders. In particular, it was recently confirmed that it was behind the attack on “Kyivstar” on December 12th.
Source: 24 Tv
John Wilkes is a seasoned journalist and author at Div Bracket. He specializes in covering trending news across a wide range of topics, from politics to entertainment and everything in between.