UA EN RU
All topics
Topics
UA EN RU
Last news
Drones, Robots, and DeepStrike: New Priorities for the Armed Forces of Ukraine today, 16:00
One in five Russian drones is used in southern Ukraine - Defense Forces today, 14:20
Combatant status: how to obtain the status for those who have served since February 24, 2022 today, 13:55
Dead Zone Forces Russians to Attack in Small Groups today, 11:25
Russians fear Ukrainian landing on Kinburn and Tendrivske Spits - Defense Forces today, 10:35
The enemy attacked Kyiv with drones and missiles: the consequences of the 'strikes' today, 06:46
Operation Under Cover: CNN Learned How Trump Prepared Strikes on Iran today, 03:02
Trump sent Kellogg to Lukashenko to resolve the 'Ukrainian issue': NYT revealed the details today, 00:15
Iran is ready to cut off oil to the whole world after US strikes: what we know yesterday, 22:45
The Ground Forces revealed the details of the Russian strike on the Armed Forces training ground yesterday, 20:52
Minister Chernyshov returned to Ukraine after wave of rumors about his escape yesterday, 18:53
Everything Destroyed: Trump Reveals Details of Operation Against Iran yesterday, 17:30
UAF launched a counteroffensive in Sumy region, Andriyivka liberated – DeepState yesterday, 16:32
Trump is preparing for possible retaliation from Iran within 48 hours: NBC learned the details yesterday, 15:15
Show more

Targeted cyberattacks on the defense sector recorded in Ukraine via a popular messenger.

19.03.2025 2210
Shostal Oleksandr
Journalist Shostal Oleksandr
19.03.2025 2210
Cyberattacks on the defense sector recorded
Cyberattacks on the defense sector recorded

The CERT-UA team has detected cyberattacks on employees of the defense industry and the Armed Forces of Ukraine.

In March 2025, messages containing reports were found in the Signal messenger. Some messages were sent from individuals with compromised accounts to increase trust.

Typically, these archives contain a .pdf file and an executable file named DarkTortilla. DarkTortilla is a crypter/loader used to launch the remote control program Dark Crystal RAT (DCRAT).

'It should be noted that this activity has been tracked under the identifier UAC-0200 since at least the summer of 2024. Meanwhile, starting in February 2025, the content of the bait messages relates to UAVs, electronic warfare means, etc. The use of popular messengers, both on mobile devices and computers, significantly expands the attack surface, including by creating uncontrolled (in terms of protection means) channels for information exchange,' - CERT-UA reported.

Read also
Read 112.ua in telegramtelegramm logo
Read 112.ua in googlegoogle logo
You may be interested
Drones, Robots, and DeepStrike: New Priorities for the Armed Forces of Ukraine
Drones, Robots, and DeepStrike: New Priorities for the Armed Forces of Ukraine
today, 16:00 367
One in five Russian drones is used in southern Ukraine - Defense Forces
One in five Russian drones is used in southern Ukraine - Defense Forces
today, 14:20 484
Combatant status: how to obtain the status for those who have served since February 24, 2022
Combatant status: how to obtain the status for those who have served since February 24, 2022
today, 13:55 540
Dead Zone Forces Russians to Attack in Small Groups
Dead Zone Forces Russians to Attack in Small Groups
today, 11:25 620
Russians fear Ukrainian landing on Kinburn and Tendrivske Spits - Defense Forces
Russians fear Ukrainian landing on Kinburn and Tendrivske Spits - Defense Forces
today, 10:35 723
The enemy attacked Kyiv with drones and missiles: the consequences of the 'strikes'
The enemy attacked Kyiv with drones and missiles: the consequences of the 'strikes'
today, 06:46 801

Advertising