As the war rages on, Ukrainian military personnel face threats not only on the battlefield but also on their devices.
Agencies in Ukraine have identified two cyberattacks on the devices of Ukrainian military personnel.
Hackers sent these individuals messages via the Signal messenger. The messages contained links that appeared to lead to mobile apps for the Ukrainian Griselda and “Eyes” military systems.
According to its website, Griselda is an automated system for inputting, processing, and transmitting information using artificial intelligence (AI). “Eyes” refers to a military tracking system.
These mobile apps that the military servicemen were prompted to download weren’t actually from either entity. Instead, they were fake apps containing malware and potentially malicious code.
The Computer Emergency Response Team of Ukraine (CERT-UA) and the Ministry of Defense and the Armed Forces of Ukraine (MILCERT) found that this was an attempt to steal authentication data to access sensitive military systems. The attack was also designed to identify and extract the device’s GPS coordinates.
The fraudulent Griselda link led to a puppet site posing as the project’s official webpage. The website prompted victims to download a mobile version of the Griselda application – an app that doesn’t even exist.
Instead of the supposed Griselda app being downloaded, the data-stealing malware Hydra was installed onto the device.
At the same time, “Eyes” was being exploited. Military personnel were told that a file was available for download, but it was no ordinary file: it had been modified and infected with third-party code that stole data to identify the device’s GPS coordinates. The cyber threat was, however, contained.
Hackers attempted to exfiltrate extremely sensitive data that could’ve given away the military servicemen’s location, which could have threatened their lives.