UA EN RU
All topics
Topics
UA EN RU
Last news
Trump to make a decision on Iran. The White House announced the deadlines today, 02:46
Trump left the G7 summit due to Zelensky and Macron: FT learned the details yesterday, 20:39
The SBU presented exclusive photos and videos of the prisoner exchange yesterday, 20:11
North Korea to send 25 thousand workers to Russia: what does it want in return yesterday, 18:38
The Ministry of Internal Affairs explained how they identify Russian soldiers among the transferred bodies of the deceased yesterday, 15:50
Ukrainian developers submitted 42 projects for the NATO competition against FPV drones on fiber optics yesterday, 15:25
Putin outlined conditions for a meeting with Zelensky: what nuances the dictator spoke about yesterday, 13:51
The Defense Forces assessed the threat of an enemy landing operation on the coast of Odessa yesterday, 13:20
Military explains why Russians significantly intensified their offensive in the Novopavlivka direction yesterday, 11:40
Is Iran creating nuclear weapons: US intelligence data yesterday, 10:52
The Russian Army is increasing the use of drones at the border yesterday, 10:00
Putin explained why he killed dozens of peaceful people in Kyiv on June 17 yesterday, 04:12
Inventors in the Armed Forces of Ukraine to Receive Money: The Ministry of Defense Will Introduce a Reward System yesterday, 02:22
The EU has finalized the dates for approving a new sanctions package against Russia 18.06.2025
Show more

Targeted cyberattacks on the defense sector recorded in Ukraine via a popular messenger.

19.03.2025 2122
Shostal Oleksandr
Journalist Shostal Oleksandr
19.03.2025 2122
Cyberattacks on the defense sector recorded
Cyberattacks on the defense sector recorded

The CERT-UA team has detected cyberattacks on employees of the defense industry and the Armed Forces of Ukraine.

In March 2025, messages containing reports were found in the Signal messenger. Some messages were sent from individuals with compromised accounts to increase trust.

Typically, these archives contain a .pdf file and an executable file named DarkTortilla. DarkTortilla is a crypter/loader used to launch the remote control program Dark Crystal RAT (DCRAT).

'It should be noted that this activity has been tracked under the identifier UAC-0200 since at least the summer of 2024. Meanwhile, starting in February 2025, the content of the bait messages relates to UAVs, electronic warfare means, etc. The use of popular messengers, both on mobile devices and computers, significantly expands the attack surface, including by creating uncontrolled (in terms of protection means) channels for information exchange,' - CERT-UA reported.

Read also
Read 112.ua in telegramtelegramm logo
Read 112.ua in googlegoogle logo
You may be interested
Trump to make a decision on Iran. The White House announced the deadlines
Trump to make a decision on Iran. The White House announced the deadlines
today, 02:46 163
Trump left the G7 summit due to Zelensky and Macron: FT learned the details
Trump left the G7 summit due to Zelensky and Macron: FT learned the details
yesterday, 20:39 652
The SBU presented exclusive photos and videos of the prisoner exchange
The SBU presented exclusive photos and videos of the prisoner exchange
yesterday, 20:11 604
North Korea to send 25 thousand workers to Russia: what does it want in return
North Korea to send 25 thousand workers to Russia: what does it want in return
yesterday, 18:38 748
The Ministry of Internal Affairs explained how they identify Russian soldiers among the transferred bodies of the deceased
The Ministry of Internal Affairs explained how they identify Russian soldiers among the transferred bodies of the deceased
yesterday, 15:50 795
Ukrainian developers submitted 42 projects for the NATO competition against FPV drones on fiber optics
Ukrainian developers submitted 42 projects for the NATO competition against FPV drones on fiber optics
yesterday, 15:25 822

Advertising