Ukraine’s Military Intelligence Hit By Cyber Attacks

Ukrainian security authorities have confirmed that the country's Delta military intelligence system has been hit by a cyber attack. Hackers targeted software critical to Ukraine's military efforts with information-stealing malware, Ukraine's Computer Emergency Response Team (CERT-UA) said recently.

The attackers sent messages in mid-December from a hacked email address belonging to a Ukraine Ministry of Defence employee to users of the programme, which is called Delta. CERT-UA publicised the incident a few days later, on December 18. 

The Delta system is used for situational awareness, for collecting information about enemy forces and for coordinating defence forces. It is built to be compatible with NATO equipment and provides a comprehensive understanding of the battlespace in real time. It also integrates information about the enemy from various sensors and sources, including intelligence reporting, on a digital map.

Delta doesn't require any additional settings and can work on any device: a laptop, tablet or mobile phone.

The attackers leveraged a compromised Ministry of Defence email account to launch phishing messages in an attempt to lure recipients into installing a fake update to the Delta system. If a recipient clicks on the link, a “certificates_rootca.zip” archive containing the “certificates_rootCA.exe” executable file protected by VMProtect will be downloaded to their computer, CERT-UA has said.   

The email contains a malicious PDF attachment that claims to hold instructions on how to start the update, together with a link to the malicious ZIP archive. If the link is clicked, the archive and its executable are downloaded onto the computer.

Although VMProtect is legitimate software designed to protect programs by executing their code inside a custom virtual machine, it is being used here to hide the malicious EXE and DLL files from analysis by security tools.
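
As an added example (not code from the article or from CERT-UA), a defender-side triage routine in Python that opens a ZIP attachment like the one described, flags members that are PE executables regardless of their extension, and applies a common heuristic for VMProtect packing: the `.vmp0`/`.vmp1` section names the packer writes by default. The lure-lookalike archive and the PE stub inside it are constructed inline; the section-name check is only a heuristic, since whoever runs the packer can rename sections.

```python
import io, struct, zipfile

# Default section names VMProtect writes into packed PEs. Heuristic only: the
# packer's user can rename them, so their absence proves nothing.
VMPROTECT_SECTIONS = {b".vmp0", b".vmp1", b".vmp2"}

def pe_section_names(data: bytes) -> list[bytes]:
    """Return the section names of a PE image, or [] if data is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if len(data) < e_lfanew + 24 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20;
    # the 40-byte IMAGE_SECTION_HEADER entries follow the optional header.
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    names = []
    for off in range(table, table + 40 * num_sections, 40):
        if off + 8 > len(data):
            break  # truncated section table
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names

def triage_zip(zip_bytes: bytes) -> list[dict]:
    """Flag archive members that are PE files and whether they look VMProtect-packed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)  # in production, cap info.file_size before reading
            sections = pe_section_names(data)
            findings.append({"name": info.filename, "is_pe": data[:2] == b"MZ",
                             "vmprotect": any(s.lower() in VMPROTECT_SECTIONS for s in sections)})
    return findings

def build_stub_pe(section_names: list[bytes]) -> bytes:
    """Constructed test input: a minimal PE header skeleton with the given sections."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)  # no optional header
    secs = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + secs

def build_sample_archive() -> bytes:
    """Constructed lookalike of the lure archive named in the article; the EXE is an inert stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("certificates_rootCA.exe", build_stub_pe([b".vmp0", b".vmp1", b".text"]))
        zf.writestr("readme.txt", b"constructed benign member")
    return buf.getvalue()
```

Run `triage_zip(build_sample_archive())` to see the stub EXE flagged as a VMProtect-packed PE while the text member passes; a real mail gateway would also check the archive's member sizes before extraction.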

CERT-UA did not attribute the attack, although threat actors tied to the Russian state would be an obvious guess.

Since Russia invaded Ukraine on February 24, 2022, most Western commentators have downplayed the role of offensive cyber operations in Moscow's larger war effort. Analysts have often called Russian cyber operations unsophisticated, ill-planned and poorly integrated with activities in other domains.

They have also argued that Ukrainian systems have been ably defended by Ukraine and its foreign partners, and that the attacks have been insignificant when compared to the large-scale death and destruction caused by physical weapons. But now, Russia is using other, more sophisticated hacking groups, most likely drawn from the expert cohort of cyber criminals there, to help with the war effort.

Sources: CERT Ukraine, Ukraine Military Center, Carnegie Endowment, Oodaloop, The Record, Wired, Infosecurity Magazine, Economist
