Phishing Attacks Target Ukraine’s Defence Sector

Since the unsuccessful Russian invasion of Ukraine, the Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new set of cyber attacks that it said were aimed at defence companies in the country as well as its security and defence forces.

Phishing emails are currently targeting Ukrainian defence companies and defence forces with apparent connections to a fake NATO standards conference.

The latest series of phishing attacks has been attributed to the hacker group UAC-0185, with the latest targets being Ukrainian defence companies and security forces. Ukraine’s cyber defence authorities say that the attackers have also been using sophisticated tactics that impersonate the Ukrainian League of Industrialists and Entrepreneurs, which is a legitimate organisation, to deceive their victims.

The phishing emails, which were detected by CERT-UA, promoted a conference on December 5th in Kyiv, which was ostensibly aimed at aligning Ukrainian defence industry products with NATO standards, according to Ukraine’s State Service for Special Communications and Information Protection (SSSCIP). The emails contained a malicious link titled “Attachment contains important information for your participation.”

If the recipient clicks the link and opens the attached file, the system will be infected with malware, allowing the hackers access to sensitive data.

UAC-0185 has been active since at least 2022 and is known for targeting military and defence-related systems, as well as stealing credentials from messaging platforms, including Signal, Telegram, and WhatsApp. According to reports, in previous operations UAC-0185 has used specialised tools like MeshAgent and UltraVNC (both are open-source remote-administration/remote-desktop software utilities) to gain unauthorised remote access to defence industry and military systems, enabling the theft of critical information.

The latest phishing campaign is part of a broader effort by the group to infiltrate Ukrainian military networks, with the aim of gathering intelligence and disrupting military operations. 

Ukraine faces an increasing cyber threat amid ongoing conflicts, with national security increasingly dependent on both physical defence measures and cyber security. The identity of the attackers is often not known; however, many cyber attacks on Ukraine suggest Russian cyber operations. With the continued targeting of defence-related sectors, Ukraine’s cyber security authorities are focused on enhancing their defences and preventing further intrusions.

The evolving tactics of UAC-0185 underscore the increasing importance of cyber security in modern warfare, with digital operations playing an integral role in the ongoing conflict.

One such campaign comprised a series of phishing emails which targeted Ukrainian defence companies and security and defence forces with a fake NATO standards conference. The Computer Emergency Response Team of Ukraine (CERT-UA) detailed that these emails advertised a conference held on December 5 in Kyiv, aimed at aligning the products of domestic industrial companies with NATO standards.

According to Mandiant, who exposed UNC4221 at a security conference earlier this year, these particular Russian hackers specialise in collecting "battlefield-relevant data through the use of Android malware, phishing operations masquerading as Ukrainian military applications...."

CERT UA | Mandiant | I-HLS | Infosecurity Magazine | Hacker News | SOCPrime | The Record | Odessa Journal | gov.ua

Image: Ideogram
