Phishing Attacks Target Ukraine’s Defence Sector

Since the unsuccessful Russian invasion of Ukraine the Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new set of cyber attacks that it said were aimed at defence companies in the country as well as its security and defence forces.

Phishing emails are currently targeting Ukrainian defence companies and defence forces with apparent connections to a fake NATO standards conference.

The latest series of phishing attacks has been attributed to the hacker group UAC-0185, with the latest targets being Ukrainian defence companies and security forces. Ukraine’s cyber defence authorities say that the attackers have also been using sophisticated tactics that impersonate the Ukrainian League of Industrialists and Entrepreneurs, which is a legitimate organisation, to deceive their victims.

The phishing emails, which were detected by CERT-UA, promoted a conference on December 5th in Kyiv, which was ostensibly aimed at aligning Ukrainian defence industry products with NATO standards, according to Ukraine’s State Service for Special Communications and Information Protection (SSSCIP).  The emails contained a malicious link titled “Attachment contains important information for your participation.” 

If the recipient clicks the link and opened the attached file, the system will be infected with malware, allowing the hackers access to sensitive data.

UAC-0185 has been active since at least 2022, and known for targeting military and defense-related systems, as well as stealing credentials from messaging platforms, including Signal, Telegram, and WhatsApp. According to reports, UAC-0185 has used in previous operations specialised tools like MeshAgent and UltraVNC (both are open-source remote-administration /remote-desktop software utilities) to gain unauthorised remote access to defence industry and military systems, enabling the theft of critical information.

The latest phishing campaign is part of a broader effort by the group to infiltrate Ukrainian military networks, with the aim of gathering intelligence and disrupting military operations. 

There is an increasing cyber threat Ukraine faces amid ongoing conflicts, with national security increasingly dependent on both physical defence measures and cyber security. The identity of the attackers is often not known, however many cyber attacks on Ukraine suggest Russian cyber operations. With the continued targeting of defense-related sectors, Ukraine’s cyber security authorities are focused on enhancing their defences and preventing further intrusions.

The evolving tactics of UAC-0185 underscore the increasing importance of cyber security in modern warfare, with digital operations playing an integral role in the ongoing conflict.

One such campaign comprise a series of phishing emails which targeted Ukrainian defence companies and security and defence forces with a fake NATO standards conference.The Computer Emergency Response Team of Ukraine (CERT-UA) detailed that these emailed advertised a conference held on December 5 in Kyiv, aimed at aligning the products of domestic industrial companies with NATO standards.

According to Mandiant, who exposed UNC4221 at a security conference earlier this year, these particular Russian hackers specialise in collecting "battlefield-relevant data through the use of Android malware, phishing operations masquerading as Ukrainian military applications...."

CERT UA   |   Mandiant   |    I-HLS   |    Infosecurity Magazine   |   Hacker News   |  SOCPrime  |   The Record   |   

Odessa Journal   |    gov.ua   

Image: Ideogram

You Might Also Read:     

British Government Minister Predicts Russia Will Step Up Cyber Attacks:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Chinese Firm Sanctioned For Potentially Lethal Cyber Attacks
Best Cybersecurity Podcasts »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Perforce Software

Perforce Software

Perforce helps companies build complex software products more collaboratively, securely, and efficiently.

Fieldfisher

Fieldfisher

Fieldfisher's Technology, Outsourcing & Privacy Group has class-leading expertise in privacy, data & cybersecurity, digital media, big data, the cloud, mobile payments and mobile apps.

Quality Professionals (Q-Pros)

Quality Professionals (Q-Pros)

QPros are a recognized leader in providing full-cycle software quality assurance and application testing services.

RazorSecure

RazorSecure

RazorSecure offers products and services to enhance railway cyber security, by protecting and monitoring networks and key systems.

Calian Group

Calian Group

Calian is a diverse Canadian company offering professional services in areas including Advanced Technologies, Health, Learning and IT & Cyber Solutions.

Wipro

Wipro

Wipro Limited is a leading global information technology, consulting and business process services company.

AimBrain

AimBrain

AimBrain tools detect and prevent fraud, faster and more accurately than ever before.

CHEQ

CHEQ

CHEQ provides fully autonomous, preemptive technology for brand safety and ad-fraud prevention.

UKsec: Virtual Cyber Security Summit

UKsec: Virtual Cyber Security Summit

Join 100s of UK Cyber Security Leaders Online for Expert Cyber Security Talks, Strategy Insights, Cyber Resilience Tips and More.

SecureLogix

SecureLogix

SecureLogix deliver a unified voice network security and call verification solution. Protect against call attacks & fraud.

Spin Technology

Spin Technology

SpinOne is a SaaS data protection platform designed to monitor, secure, and back up your G Suite and O365 data, improve compliance, and reduce IT costs.

Presidio

Presidio

Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions.

Nudge Security

Nudge Security

Nudge Security offer the world's first-ever SaaS security solution to discover shadow IT and curb SaaS sprawl across any device or location and nudges employees towards optimal security behavior.

Lighthouse IT

Lighthouse IT

At Lighthouse IT, we are focused on delivering seamless and reliable services to unlock the value of technology for your business.

Softsource vBridge

Softsource vBridge

Softsource vBridge are an ICT systems integrator providing specialist technology solutions, professional services, technical expertise and data centre services.

Palindrome Technologies

Palindrome Technologies

Palindrome Technologies help clients defend against cyberattacks across all attack surfaces, including hardware, software, network-to-cloud, people, and emerging technologies.