The Ukrainian Computer Emergency Response Team (CERT-UA) is warning of a new campaign targeting the defense sector using dark crystal rats (also known as DCRAT).
The campaign detected earlier this month is known to target both employees of companies in the Defense Industry Complex and individual representatives of the Ukrainian Defence Force.
This activity involves delivering malicious messages via a signal messaging app that contains the expected meeting minutes. Some of these messages are sent from previously compromised signaling accounts to increase the likelihood of successful attacks.
The reports are shared in the form of an archive file containing a decoy PDF named Darktortilla and an executable file that decrypts and launches DCRAT malware.
A well-documented remote access trojan (rat), DCRAT makes it easy to execute any command, steal valuable information, and establishes remote control for infected devices.
CERT-UA is attributing this activity to a threat cluster that tracks this activity as a UAC-0200 known to be active since at least the summer of 2024.
“The use of popular messengers on mobile devices and computers greatly expands the attack surface, including creating uncontrolled (in the context of protection), information exchange channels,” the agency added.
The development follows a suspected decision, according to records, to stop responding to requests from Ukrainian law enforcement regarding Russian cyber threats.
“Through that inaction, the signal is helping Russians gather information, target soldiers and compromise government officials,” said Serhii Demediuk, deputy chief of the Ukraine National Security and Defense Council.
However, Meredith Whittaker, CEO of the Signal, refuted the claim by saying, “We are not officially working with Ukraine or anything like that, so we don’t stop. Where did this come from, why won’t stop?”
It was also inspired by reports from Microsoft and Google that Russian cyber actors are increasingly focused on gaining unauthorized access to WhatsApp and signaling accounts and access to signaling accounts, as Ukrainians become signalling alternatives to Telegram.
Source link
