UA EN RU
All topics
Topics
UA EN RU
Last news
Escalation of Rocket Terror: Ukraine Calls for UN Security Council Meeting today, 10:50
Hostile drones hit industrial facilities in Zaporizhzhia today, 07:14
The State Border Guard Service explained why the enemy's infantry groups sharply reduced their activity in Sumy region today, 04:22
Canada has imposed sanctions against the coach and lover of Putin yesterday, 23:43
The Russian missile program essentially consists of propaganda - expert yesterday, 22:44
Pro-Russian cultural center in Berlin costs Germany €70,000 per year yesterday, 22:39
Trump announced full control of the U.S. and Israel over Iranian airspace and demanded Tehran's capitulation yesterday, 20:51
Pension payments for disabled servicemen: what is important to know yesterday, 19:31
CPD explained why the Russian Federation is systematically shutting down mobile internet in the regions yesterday, 18:58
Summer Offensive of the Enemy: The Russian Army Activates on Seven Fronts yesterday, 16:15
Germany co-finances three drone production projects in Ukraine yesterday, 15:50
Surrounded Kyiv: Air Force Reveals Tactics of Terrorist Attack on the Capital yesterday, 15:25
Benefits for Fiber-Optic Controlled Drone Manufacturers: What Has Changed yesterday, 14:10
National Police Conducted Over 940 Searches Resulting in the Seizure of Illegal Weapons yesterday, 13:20
Show more

Targeted cyberattacks on the defense sector recorded in Ukraine via a popular messenger.

19.03.2025 2097
Shostal Oleksandr
Journalist Shostal Oleksandr
19.03.2025 2097
Cyberattacks on the defense sector recorded
Cyberattacks on the defense sector recorded

The CERT-UA team has detected cyberattacks on employees of the defense industry and the Armed Forces of Ukraine.

In March 2025, messages containing reports were found in the Signal messenger. Some messages were sent from individuals with compromised accounts to increase trust.

Typically, these archives contain a .pdf file and an executable file named DarkTortilla. DarkTortilla is a crypter/loader used to launch the remote control program Dark Crystal RAT (DCRAT).

'It should be noted that this activity has been tracked under the identifier UAC-0200 since at least the summer of 2024. Meanwhile, starting in February 2025, the content of the bait messages relates to UAVs, electronic warfare means, etc. The use of popular messengers, both on mobile devices and computers, significantly expands the attack surface, including by creating uncontrolled (in terms of protection means) channels for information exchange,' - CERT-UA reported.

Read also
Read 112.ua in telegramtelegramm logo
Read 112.ua in googlegoogle logo
You may be interested
Escalation of Rocket Terror: Ukraine Calls for UN Security Council Meeting
Escalation of Rocket Terror: Ukraine Calls for UN Security Council Meeting
today, 10:50 178
Hostile drones hit industrial facilities in Zaporizhzhia
Hostile drones hit industrial facilities in Zaporizhzhia
today, 07:14 263
The State Border Guard Service explained why the enemy's infantry groups sharply reduced their activity in Sumy region
The State Border Guard Service explained why the enemy's infantry groups sharply reduced their activity in Sumy region
today, 04:22 538
Canada has imposed sanctions against the coach and lover of Putin
Canada has imposed sanctions against the coach and lover of Putin
yesterday, 23:43 716
The Russian missile program essentially consists of propaganda - expert
The Russian missile program essentially consists of propaganda - expert
yesterday, 22:44 769
Pro-Russian cultural center in Berlin costs Germany €70,000 per year
Pro-Russian cultural center in Berlin costs Germany €70,000 per year
yesterday, 22:39 722

Advertising