Phishing Attacks Target Ukraine’s Defence Sector

Since the unsuccessful Russian invasion of Ukraine the Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new set of cyber attacks that it said were aimed at defence companies in the country as well as its security and defence forces.

Phishing emails are currently targeting Ukrainian defence companies and defence forces with apparent connections to a fake NATO standards conference.

The latest series of phishing attacks has been attributed to the hacker group UAC-0185, with the latest targets being Ukrainian defence companies and security forces. Ukraine’s cyber defence authorities say that the attackers have also been using sophisticated tactics that impersonate the Ukrainian League of Industrialists and Entrepreneurs, which is a legitimate organisation, to deceive their victims.

The phishing emails, which were detected by CERT-UA, promoted a conference on December 5th in Kyiv, which was ostensibly aimed at aligning Ukrainian defence industry products with NATO standards, according to Ukraine’s State Service for Special Communications and Information Protection (SSSCIP).  The emails contained a malicious link titled “Attachment contains important information for your participation.” 

If the recipient clicks the link and opened the attached file, the system will be infected with malware, allowing the hackers access to sensitive data.

UAC-0185 has been active since at least 2022, and known for targeting military and defense-related systems, as well as stealing credentials from messaging platforms, including Signal, Telegram, and WhatsApp. According to reports, UAC-0185 has used in previous operations specialised tools like MeshAgent and UltraVNC (both are open-source remote-administration /remote-desktop software utilities) to gain unauthorised remote access to defence industry and military systems, enabling the theft of critical information.

The latest phishing campaign is part of a broader effort by the group to infiltrate Ukrainian military networks, with the aim of gathering intelligence and disrupting military operations. 

There is an increasing cyber threat Ukraine faces amid ongoing conflicts, with national security increasingly dependent on both physical defence measures and cyber security. The identity of the attackers is often not known, however many cyber attacks on Ukraine suggest Russian cyber operations. With the continued targeting of defense-related sectors, Ukraine’s cyber security authorities are focused on enhancing their defences and preventing further intrusions.

The evolving tactics of UAC-0185 underscore the increasing importance of cyber security in modern warfare, with digital operations playing an integral role in the ongoing conflict.

One such campaign comprise a series of phishing emails which targeted Ukrainian defence companies and security and defence forces with a fake NATO standards conference.The Computer Emergency Response Team of Ukraine (CERT-UA) detailed that these emailed advertised a conference held on December 5 in Kyiv, aimed at aligning the products of domestic industrial companies with NATO standards.

According to Mandiant, who exposed UNC4221 at a security conference earlier this year, these particular Russian hackers specialise in collecting "battlefield-relevant data through the use of Android malware, phishing operations masquerading as Ukrainian military applications...."

CERT UA   |   Mandiant   |    I-HLS   |    Infosecurity Magazine   |   Hacker News   |  SOCPrime  |   The Record   |   

Odessa Journal   |    gov.ua   

Image: Ideogram

You Might Also Read:     

British Government Minister Predicts Russia Will Step Up Cyber Attacks:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Chinese Firm Sanctioned For Potentially Lethal Cyber Attacks
Best Cybersecurity Podcasts »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Oxygen Forensics

Oxygen Forensics

Oxygen Forensics offer the most advanced forensic data examination tools for mobile devices and cloud services.

Nuix

Nuix

Nuix specialise in extracting knowledge from unstructured data. Applications include Digital Forensics, Cybersecurity Intelligence, Information Governance, eDiscovery.

Beachhead Solutions

Beachhead Solutions

Beachhead's SimplySecure is a configurable, web-based management tool allowing you to remotely secure vulnerable mobile devices in your organization.

HoxHunt

HoxHunt

HoxHunt is an automated cyber training program that transforms the way your employees react and respond to the growing amount of phishing emails.

Cyber Security Raad (CSR) - Netherlands

Cyber Security Raad (CSR) - Netherlands

The Cyber Security Council (CSR) is a national, independent advisory body of the Dutch government undertaking efforts at strategic level to bolster cyber security in the Netherlands.

Cyber Security Centre - Daffodil International University

Cyber Security Centre - Daffodil International University

Cyber Security Centre, DIU is a non-profitable organization which is focused on applied research in cyber security.

AlertEnterprise

AlertEnterprise

AlertEnterprise uniquely eliminates silos and uncovers blended threats across IT Security, Physical Access Controls and Industrial Control Systems.

Attack Research

Attack Research

We go far beyond standard tools and scripted tests. Find out if your network or technology can stand real-world and dedicated attackers.

NeuVector

NeuVector

NeuVector, the leader in Full Lifecycle Container Security, delivers uncompromising end-to-end security from DevOps vulnerability protection to complete protection in production.

Quintillion Consulting

Quintillion Consulting

Quintillion Consulting is a strategic risk based consulting firm. We help companies safeguard the core business and IT capabilities that deliver competitive advantage.

Valence Security

Valence Security

Valence manages and secures your Business Application Mesh by delivering visibility, reducing unauthorized access and preventing data loss.

Scybers

Scybers

Scybers are a global cybersecurity advisory and managed services company. With our deep expertise, we help our clients reduce their cyber risks with confidence.

Cybalt

Cybalt

Cybalt is a security services company that provides end-to-end security solutions to help clients achieve their business goals.

Saffron Networks

Saffron Networks

Saffron Networks is an ISO-certified company. We assure our clients of reliable solutions, specifically with the Security landscape and Enterprise Networking.

SECTA5

SECTA5

SECTA5 is a cybersecurity company building a next-generation Continuous Threat and Exposure Management platform, leveraging the expertise of offensively trained cyber defenders.

CPX

CPX

At CPX, we go beyond addressing today’s security risks—we anticipate the challenges of tomorrow.