Hackers affiliated with the GRU significantly intensified cyberattacks on the mobile devices of Ukrainian military personnel in the second half of 2023, according to an analytical report by CERT-UA, which operates under the State Special Communications Service. To spread malicious software, the Russians used messengers and social engineering tactics.
The perpetrators employed various methods, including:
1. Masquerading as legitimate products: Spyware was disguised as installers of legitimate programs, such as the "Kropyva" situational awareness system.
2. Spreading malware through messengers: Telegram and Signal were used to distribute malicious files disguised as cybersecurity instructions from CERT-UA.
3. Rapid response and adaptation: Hackers quickly reacted to new defense methods and developed new attack vectors.
4. Targeting Windows software: Most attacks through messengers distributed malicious software for Windows, as many military personnel use desktop versions of messengers.
5. Bait files: Attackers distributed malicious programs in the form of ZIP or RAR archives, masking them as updates to certificates for the Delta situational awareness system.
The State Special Communications Service urges Ukrainian military personnel to remain vigilant and adhere to the following recommendations:
• Do not download files from unknown sources, even if they come from familiar individuals.
• Do not open links in suspicious messages.
• Update the operating system and software on personal devices regularly.
• Use strong passwords and avoid using the same password for different accounts.