Hackers target Ukraine’s defence sector in new campaign


A group known as UAC-0185 has launched a new series of phishing attacks targeting Ukrainian defense companies and security forces.

The attackers sent emails mimicking official messages from a legitimate organization, the Ukrainian League of Industrialists and Entrepreneurs, according to the country’s cyber defence authorities.

“The emails advertised a conference held on December 5th in Kyiv, aimed at aligning the products of domestic defense industry companies with NATO standards,” the State Service for Special Communications and Information Protection (SSSCIP) said in a statement.

The emails also included a malicious link titled “Attachment contains important information for your participation.” Clicking the link and opening the attached files allowed hackers to infect the victim’s computer with malware, according to authorities.

The attack was detected by the Computer Emergency Team of Ukraine (CERT-UA), which operates under the SSSCIP. The authorities attributed the attack to the UAC-0185 group, which has been active since at least 2022, the year of Russia’s full-scale invasion of Ukraine.

In the past, the group primarily focused on stealing credentials from messaging services such as Signal, Telegram, and WhatsApp, as well as targeting the military systems DELTA, Teneta, and Kropyva.

According to the authorities, the group also launched numerous “more limited” cyberattacks to obtain unauthorized remote access to the computers of defense industry employees and Ukraine’s armed forces using specialized tools, including MeshAgent and UltraVNC.

The SSSCIP did not provide more details about the hackers, but many similar groups operating against Ukraine have been linked to Russia and its ally Belarus in the past.
