Hackers are sending messages with malware to soldiers of the Armed Forces of Ukraine under the guise of recruiting for the 3rd Separate Special Forces Brigade and the IDF. This was reported by the State Service for Special Communications and Information Protection of Ukraine, UNN reports.
Details
The Governmental Computer Emergency Response Team of Ukraine CERT-UA, which operates under the State Special Communications Service, took measures to prevent a series of cyberattacks in which attackers sent messages with malware to the Armed Forces of Ukraine via the Signal messenger on the topic of recruitment to the Third Separate Assault Brigade of the Armed Forces of Ukraine and the Israeli Defense Forces (IDF)
It is noted that suspicious activity was detected by specialists of the American-Japanese company Trendmicro at the end of December 2023, as reported by CERT-UA.
The attackers' messages contain archive files, running the contents of which will infect the computer with REMCOSRAT and REVERSESSH malware.
This allows attackers to remotely access the computers of Ukrainian soldiers and spy on them in real time.
At the same time, the attackers try to make the names and contents of the archives interesting for the military - "prisoner interviews," "geolocation," "coding commands," "call signs," and so on.
Addendum
More details about the technical side of the attack can be found in the CERT-UA report. The agency emphasizes that in case of detection of suspicious activity on computers and in the ICS of the Armed Forces of Ukraine, please immediately inform the ITS Cybersecurity Center.
For reference
Remcos is a sophisticated remote access trojan (RAT) that can be used to fully control and monitor any Windows computer
Remcos RAT bypasses antivirus systems and injects itself into Windows processes to appear safe.
Recall
In December last year , Russian hackers attacked users from Ukraine and Poland by sending emails with malware.