Ukraine’s Military Intelligence Hit By Cyber Attacks

Uploaded on 2022-12-28 in INTELLIGENCE-Hot Spots-Russia, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

Ukrainian security authorities have confirmed that its Delta military intelligence system has been hit by some cyber attacks. Hackers targeted software critical to Ukraine’s military efforts with information-stealing malware, Ukraine’s Computer Emergency Response Team (CERT-UA) said recently.

The attackers sent messages in mid-December from a hacked email address belonging to a Ukraine Ministry of Defence employee to users of the programme, which is called Delta. CERT-UA publicised the incident a few days later, on December 18. 

The Delta system is used for key situational awareness and collecting information about enemy forces as well as coordinating of defence forces. The Delta system is built to be compatible with NATO equipment and provides a comprehensive understanding of the battle space in real time. It also integrates information about the enemy from various sensors and sources, including those from intelligence, on a digital map. 

The Delta doesn’t require any additional settings and can work on any device: on a laptop, tablet or mobile phone.

The attackers leveraged a compromised Ministry of Defence email account to launch phishing messages in an attempt to lure recipients into installing a fake update to the Delta system. If a recipient clicks on the link, a “certificates_rootca.zip” archive containing the “certificates_rootCA.exe” executable file protected by VMProtect will be downloaded to their computer, CERT-UA has said.   

The email contains a malicious PDF attachment that claims to have instructions on how to initiate the update as well as a malicious ZIP archive link. If the file is clicked, an executable is downloaded onto the computer.

Although VMProtect is legitimate software designed to protect files by containing them in a virtual machine, it is being used here with the purpose of hiding the malicious exe and DLL files from analysis by security tools.
CERT-UA did not attribute the attack, although threat actors tied to the Russian state would be an obvious guess.

Since Russia invaded Ukraine on February 24, 2022, most Western commentators have downplayed the role of offensive cyber operations in Moscow’s larger war effort. Analysts have often called Russian cyber operations unsophisticated, ill-planned, poorly integrated with activities in other domains. 

That the systems have been ably defended by Ukraine and its foreign partners  and have been insignificant  when compared to the large-scale death and destruction caused by physical weapons. But now, Russia is using other more sophisticated hacking groups, most likely from the expert cohort of cyber criminals there, to help them with the war effort.

CERT Ukraine:     Ukraine Military Center:    Carnegie Endowment:      Oodaloop:    The Record:   Wired

Infosecurity Magazine:    Economist:  

You Might Also Read: 

Ukraine Uses Artificial Intelligence To Speed Up Attacks:

 

« Cyber Security Awareness Training For Management & Employees
Four Major Cyber Attacks In 2022: How To Not Repeat History In 2023 »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Tech Industry Forum (TIF)

Tech Industry Forum (TIF)

Tech Industry Forum is a not-for-profit, membership driven trade body. We bring together end users and some of the UK’s leading cloud, software, platform, infrastructure, and service providers.

Bryan Cave LLP

Bryan Cave LLP

Bryan Cave LLP is a global business and litigation law firm. Practice areas include Data Privacy and Security.

Information Security Forum (ISF)

Information Security Forum (ISF)

The ISF is a leading authority on information security and risk management.

Egerie

Egerie

EGERIE's RiskManager solution provides a Global, Centralized, and Updated view of risk maps and security measures for your company.

aeCERT

aeCERT

aeCERT is the national Computer Emergency Response Team for the United Arab Emirates.

Wind River

Wind River

Wind River delivers the technology and expertise that enables the deployment of safe, secure, and reliable intelligent connected systems.

Mvine

Mvine

Mvine's primary business is authoring and selling Cyber-Secure Platforms for Collaboration Portals and for Identity Management as well as delivering cloud support services.

Apozy

Apozy

Apozy replaces a secure web gateway to nullify phishing, malware and impersonation attacks.

DeepSeas

DeepSeas

DeepSeas is the result of a merger between Security On-Demand (SOD) and the commercial Managed Threat Services (MTS) business of Booz Allen Hamilton.

North East Business Resilience Centre (NEBRC)

North East Business Resilience Centre (NEBRC)

The North East Business Resilience Centre is a non-profit organisation here to support businesses in the North East of England in protecting themselves from cyber crimes and fraud.

GLIMPS

GLIMPS

GLIMPS-Malware automatically detects malware affecting standard computer systems, manufacturing systems, IOT or automotive domains.

Immunefi

Immunefi

Immunefi provides bug bounty hosting, consultation, and program management services to blockchain and smart contract projects.

SEK Security Ecosystem Knowledge

SEK Security Ecosystem Knowledge

SEK helps companies in the complex path of cybersecurity; in the analysis, detection and prevention of digital threats.

Teleskope

Teleskope

Teleskope are on a mission to empower businesses to protect sensitive data by default.

RapidSpike

RapidSpike

RapidSpike is the only website monitoring solution that focuses all three key aspects of website health: performance, reliability AND security.

Praxis Security Labs

Praxis Security Labs

Praxis Security Labs is a research driven cybersecurity company that helps our customers to reduce risk and improve security.