UA EN RU
All topics
Topics
UA EN RU
Last news
New Tactics of Occupants Reported on the Front: Motorcycles, Drones, and Small Infantry Groups today, 11:15
Russian occupiers attacked Kharkiv with drones for two hours: consequences of the 'hits' today, 07:04
Zelensky's office commented on fears regarding the lowering of the mobilization age yesterday, 22:51
Trump discussed the war in Ukraine with Erdogan: what they agreed on yesterday, 21:01
Putin shuts off mobile communication for Moscow residents: fears of diversions on May 9 yesterday, 14:31
Britain Increases Pressure on Iran: Seven Citizens Detained on Suspicion of Terrorism yesterday, 12:55
Zaporizhzhia Direction: Russians are sending tankers and artillerymen to assault due to a lack of infantry yesterday, 12:30
Crimea remains a key obstacle in negotiations between Russia and Ukraine - NBC yesterday, 12:05
China's Ministry of Foreign Affairs confirmed: Xi Jinping will visit Moscow despite the danger yesterday, 10:00
Putin's Pseudo-Truce: The Independent Explained the Deception yesterday, 08:45
Occupants launched a strike with drones and missiles on Konotop yesterday, 06:16
Meat Grinder 2025: British Intelligence Predicts the Bloodiest Year of War for Russia yesterday, 03:15
The NSDC revealed the consequences of the attack on the 'Strela' factory in Russia yesterday, 02:05
Frontline situation as of May 4. General Staff report yesterday, 00:02
Show more

Targeted cyberattacks on the defense sector recorded in Ukraine via a popular messenger.

19.03.2025 1475
Shostal Oleksandr
Journalist Shostal Oleksandr
19.03.2025 1475
Cyberattacks on the defense sector recorded
Cyberattacks on the defense sector recorded

The CERT-UA team has detected cyberattacks on employees of the defense industry and the Armed Forces of Ukraine.

In March 2025, messages containing reports were found in the Signal messenger. Some messages were sent from individuals with compromised accounts to increase trust.

Typically, these archives contain a .pdf file and an executable file named DarkTortilla. DarkTortilla is a crypter/loader used to launch the remote control program Dark Crystal RAT (DCRAT).

'It should be noted that this activity has been tracked under the identifier UAC-0200 since at least the summer of 2024. Meanwhile, starting in February 2025, the content of the bait messages relates to UAVs, electronic warfare means, etc. The use of popular messengers, both on mobile devices and computers, significantly expands the attack surface, including by creating uncontrolled (in terms of protection means) channels for information exchange,' - CERT-UA reported.

Read also
Read 112.ua in telegramtelegramm logo
Read 112.ua in googlegoogle logo
You may be interested
Occupants on motorcycles and drones
New Tactics of Occupants Reported on the Front: Motorcycles, Drones, and Small Infantry Groups
today, 11:15 100
Consequences of drone attacks in Kharkiv
Russian occupiers attacked Kharkiv with drones for two hours: consequences of the 'hits'
today, 07:04 345
Commented on the lowering of the mobilization age
Zelensky's office commented on fears regarding the lowering of the mobilization age
yesterday, 22:51 628
Trump and Erdogan talk about the war
Trump discussed the war in Ukraine with Erdogan: what they agreed on
yesterday, 21:01 625
Putin shuts off mobile communication for Muscovites on May 9
Putin shuts off mobile communication for Moscow residents: fears of diversions on May 9
yesterday, 14:31 829
Terrorist Arrests in Britain
Britain Increases Pressure on Iran: Seven Citizens Detained on Suspicion of Terrorism
yesterday, 12:55 894

Advertising