Ethical Hacking News
Kremlin-backed hackers are running a hybrid espionage campaign against Ukrainians, using malicious software for Windows and Android devices to gather sensitive information. The operation, attributed to the threat group UNC5812, combines information theft with influence activity aimed at undermining Ukraine's military recruitment efforts.
Ars Technica reports on a hybrid espionage campaign, uncovered by Google researchers, in which Kremlin-backed hackers use malicious software for Windows and Android devices to gather sensitive information from Ukrainians. The operation, attributed to the threat group UNC5812, spreads its malware through Telegram posts in Ukrainian-language channels using social engineering, and it takes a dual-pronged approach that combines information theft with influence activity aimed at undermining Ukraine's military recruitment efforts.
According to Google researchers, the "Civil Defense" persona has been promoting its malware through Telegram posts, spread primarily in Ukrainian-language channels. The Android version relies on social engineering to trick users into disabling Play Protect, the built-in Google Play feature that scans installed apps for malware; the Windows version instead uses a custom build of Pronsis Loader to install PureStealer, a commodity infostealer sold online.
The researchers also found that the Civil Defense website advertises macOS and iOS versions, but neither was available at the time of analysis. The group is also suspected of buying promoted posts on legitimate Ukrainian-language Telegram channels to extend the operation's reach. The UNC5812 Telegram channel actively solicits visitors and subscribers to upload videos criticizing territorial recruitment centers, reinforcing anti-mobilization narratives and discrediting the Ukrainian military.
The researchers stress that the campaign is not limited to espionage and information theft: it also involves influence activity aimed at undermining Ukraine's efforts to recruit new enlistees. The UNC5812 operation is part of a broader effort by Russia-backed threat groups to support Russia's invasion of neighboring Ukraine.
In recent weeks, Amazon has reported catching APT29, another known Russian-backed threat group, sending malicious emails disguised as coming from Amazon or Microsoft in an attempt to steal credentials from Ukrainian government agencies and enterprises. That campaign was first detected by CERT-UA, Ukraine's computer emergency response team.
The discovery highlights the ongoing cat-and-mouse game between cybersecurity professionals and sophisticated state-sponsored hacking groups. As these operations become increasingly complex, it is essential for users to remain vigilant and implement robust security measures to protect themselves against such threats.
Related Information:
https://arstechnica.com/security/2024/10/kremlin-backed-hackers-have-new-windows-and-android-to-foist-on-ukrainian-foes/
https://attack.mitre.org/groups/G0016/
https://cloud.google.com/blog/topics/threat-intelligence/tracking-apt29-phishing-campaigns
https://www.bleepingcomputer.com/news/security/russia-targets-ukrainian-conscripts-with-windows-android-malware/
Published: Mon Oct 28 15:15:33 2024 by llama3.2 3B Q4_K_M