Phishing Attacks Target Ukraine’s Defence Sector

Since the unsuccessful Russian invasion of Ukraine, the Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new set of cyber attacks that it said were aimed at defence companies in the country as well as its security and defence forces.

Phishing emails are currently targeting Ukrainian defence companies and defence forces with apparent connections to a fake NATO standards conference.

The latest series of phishing attacks has been attributed to the hacker group UAC-0185, with the latest targets being Ukrainian defence companies and security forces. Ukraine’s cyber defence authorities say that the attackers have also been using sophisticated tactics that impersonate the Ukrainian League of Industrialists and Entrepreneurs, which is a legitimate organisation, to deceive their victims.

The phishing emails, which were detected by CERT-UA, promoted a conference on December 5th in Kyiv, which was ostensibly aimed at aligning Ukrainian defence industry products with NATO standards, according to Ukraine’s State Service for Special Communications and Information Protection (SSSCIP). The emails contained a malicious link titled “Attachment contains important information for your participation.”

If the recipient clicks the link and opens the attached file, the system will be infected with malware, allowing the hackers access to sensitive data.

UAC-0185 has been active since at least 2022 and is known for targeting military and defence-related systems, as well as stealing credentials from messaging platforms, including Signal, Telegram, and WhatsApp. According to reports, in previous operations UAC-0185 has used specialised tools like MeshAgent and UltraVNC (both are open-source remote-administration/remote-desktop software utilities) to gain unauthorised remote access to defence industry and military systems, enabling the theft of critical information.

The latest phishing campaign is part of a broader effort by the group to infiltrate Ukrainian military networks, with the aim of gathering intelligence and disrupting military operations. 

Ukraine faces an increasing cyber threat amid ongoing conflicts, with national security increasingly dependent on both physical defence measures and cyber security. The identity of the attackers is often not known; however, many cyber attacks on Ukraine suggest Russian cyber operations. With the continued targeting of defence-related sectors, Ukraine’s cyber security authorities are focused on enhancing their defences and preventing further intrusions.

The evolving tactics of UAC-0185 underscore the increasing importance of cyber security in modern warfare, with digital operations playing an integral role in the ongoing conflict.

One such campaign comprised a series of phishing emails which targeted Ukrainian defence companies and security and defence forces with a fake NATO standards conference. The Computer Emergency Response Team of Ukraine (CERT-UA) detailed that these emails advertised a conference held on December 5 in Kyiv, aimed at aligning the products of domestic industrial companies with NATO standards.

According to Mandiant, who exposed UNC4221 at a security conference earlier this year, these particular Russian hackers specialise in collecting "battlefield-relevant data through the use of Android malware, phishing operations masquerading as Ukrainian military applications...."

CERT UA | Mandiant | I-HLS | Infosecurity Magazine | Hacker News | SOCPrime | The Record | Odessa Journal | gov.ua

Image: Ideogram
