Phishing Attacks Target Ukraine’s Defence Sector

Since the unsuccessful Russian invasion of Ukraine, the Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new set of cyber attacks that it said were aimed at defence companies in the country as well as its security and defence forces.

Phishing emails are currently targeting Ukrainian defence companies and defence forces with apparent connections to a fake NATO standards conference.

The latest series of phishing attacks has been attributed to the hacker group UAC-0185, with the latest targets being Ukrainian defence companies and security forces. Ukraine’s cyber defence authorities say that the attackers have also been using sophisticated tactics that impersonate the Ukrainian League of Industrialists and Entrepreneurs, which is a legitimate organisation, to deceive their victims.

The phishing emails, which were detected by CERT-UA, promoted a conference on December 5th in Kyiv, which was ostensibly aimed at aligning Ukrainian defence industry products with NATO standards, according to Ukraine’s State Service for Special Communications and Information Protection (SSSCIP). The emails contained a malicious link titled “Attachment contains important information for your participation.”

If the recipient clicks the link and opens the attached file, the system will be infected with malware, allowing the hackers access to sensitive data.

UAC-0185 has been active since at least 2022 and is known for targeting military and defence-related systems, as well as stealing credentials from messaging platforms, including Signal, Telegram, and WhatsApp. According to reports, UAC-0185 has used specialised tools like MeshAgent and UltraVNC (both open-source remote-administration/remote-desktop software utilities) in previous operations to gain unauthorised remote access to defence industry and military systems, enabling the theft of critical information.

The latest phishing campaign is part of a broader effort by the group to infiltrate Ukrainian military networks, with the aim of gathering intelligence and disrupting military operations. 

Ukraine faces an increasing cyber threat amid ongoing conflicts, with national security increasingly dependent on both physical defence measures and cyber security. The identity of the attackers is often not known; however, many cyber attacks on Ukraine suggest Russian cyber operations. With the continued targeting of defence-related sectors, Ukraine’s cyber security authorities are focused on enhancing their defences and preventing further intrusions.

The evolving tactics of UAC-0185 underscore the increasing importance of cyber security in modern warfare, with digital operations playing an integral role in the ongoing conflict.

One such campaign comprised a series of phishing emails which targeted Ukrainian defence companies and security and defence forces with a fake NATO standards conference. The Computer Emergency Response Team of Ukraine (CERT-UA) detailed that these emails advertised a conference held on December 5 in Kyiv, aimed at aligning the products of domestic industrial companies with NATO standards.

According to Mandiant, who exposed UNC4221 at a security conference earlier this year, these particular Russian hackers specialise in collecting "battlefield-relevant data through the use of Android malware, phishing operations masquerading as Ukrainian military applications...."

CERT UA | Mandiant | I-HLS | Infosecurity Magazine | Hacker News | SOCPrime | The Record | Odessa Journal | gov.ua

Image: Ideogram
