Ukrainian officials targeted via Signal app


Attackers attempted to utilize Signal messaging to infect Ukrainian civil service officials and military personnel, the State Special Communications Service of Ukraine (SSSCIP) has reported.

The targeted cyberattack focuses on Ukrainian civil service officials, military servicemen and defense sector company employees, SSSCIP warned. Interestingly, malicious actors were utilizing Signal to distribute malware.

According to SSSCIP, Signal is commonly used among the Ukrainian military. Security experts have lauded the app for taking extra measures to safeguard user privacy, when compared to other messaging platforms.

ADVERTISEMENT

The authorities claim that victims receive a message with an archive, a password to access it and a request to open the file on a PC. The malicious message often comes from “a compromised account of a person from the victim's contact list or shared groups may be used to increase the credibility of such messages.”

The archive contains executable files which infect the computer with DarkCrystal RAT (remote access trojan) malware after being launched.

DarkCrystal RAT malware is often used against targets in Ukraine. Last year, a Ukrainian utility company was breached after installing a DarkCrystal-infected pirated version of Microsoft Office.