Ukraine’s Military Intelligence Hit By Cyber Attacks

Uploaded on 2022-12-28 in INTELLIGENCE-Hot Spots-Russia, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

Ukrainian security authorities have confirmed that its Delta military intelligence system has been hit by some cyber attacks. Hackers targeted software critical to Ukraine’s military efforts with information-stealing malware, Ukraine’s Computer Emergency Response Team (CERT-UA) said recently.

The attackers sent messages in mid-December from a hacked email address belonging to a Ukraine Ministry of Defence employee to users of the programme, which is called Delta. CERT-UA publicised the incident a few days later, on December 18. 

The Delta system is used for key situational awareness and collecting information about enemy forces as well as coordinating of defence forces. The Delta system is built to be compatible with NATO equipment and provides a comprehensive understanding of the battle space in real time. It also integrates information about the enemy from various sensors and sources, including those from intelligence, on a digital map. 

The Delta doesn’t require any additional settings and can work on any device: on a laptop, tablet or mobile phone.

The attackers leveraged a compromised Ministry of Defence email account to launch phishing messages in an attempt to lure recipients into installing a fake update to the Delta system. If a recipient clicks on the link, a “certificates_rootca.zip” archive containing the “certificates_rootCA.exe” executable file protected by VMProtect will be downloaded to their computer, CERT-UA has said.   

The email contains a malicious PDF attachment that claims to have instructions on how to initiate the update as well as a malicious ZIP archive link. If the file is clicked, an executable is downloaded onto the computer.

Although VMProtect is legitimate software designed to protect files by containing them in a virtual machine, it is being used here with the purpose of hiding the malicious exe and DLL files from analysis by security tools.
CERT-UA did not attribute the attack, although threat actors tied to the Russian state would be an obvious guess.

Since Russia invaded Ukraine on February 24, 2022, most Western commentators have downplayed the role of offensive cyber operations in Moscow’s larger war effort. Analysts have often called Russian cyber operations unsophisticated, ill-planned, poorly integrated with activities in other domains. 

That the systems have been ably defended by Ukraine and its foreign partners  and have been insignificant  when compared to the large-scale death and destruction caused by physical weapons. But now, Russia is using other more sophisticated hacking groups, most likely from the expert cohort of cyber criminals there, to help them with the war effort.

CERT Ukraine:     Ukraine Military Center:    Carnegie Endowment:      Oodaloop:    The Record:   Wired

Infosecurity Magazine:    Economist:  

You Might Also Read: 

Ukraine Uses Artificial Intelligence To Speed Up Attacks:

 

« Cyber Security Awareness Training For Management & Employees
Four Major Cyber Attacks In 2022: How To Not Repeat History In 2023 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ON-DEMAND WEBINAR: How to improve your security posture with a web application firewall (WAF)

ON-DEMAND WEBINAR: How to improve your security posture with a web application firewall (WAF)

Watch this webinar to discover how a WAF goes beyond a standard firewall and helps you meet security industry compliance.

Pyramid Computer

Pyramid Computer

Pyramid Computer provides custom enterprise solutions for Industrial PC, Imaging, Network, Security, POS, Indoor Positioning and Automation.

Steptoe & Johnson

Steptoe & Johnson

Steptoe is an international law firm with offices in the USA, Europe and China. Practice areas include Cybersecurity, Privacy & National Security.

Infocyte

Infocyte

Infocyte's unique, agentless threat hunting platform for Windows and Linux is designed to rapidly assess network endpoints for evidence of compromise.

Emerging Payments Association (EPA)

Emerging Payments Association (EPA)

The Emerging Payments Association (EPA) is a commercial membership association of payments industry influencers.

Phirelight Security Solutions

Phirelight Security Solutions

Phirelight empowers an enterprise to easily understand how their networks behave, while at the same time assessing and managing cyber threats in real time.

Data Recovery Services (DRS)

Data Recovery Services (DRS)

DRS provides data recovery services from media including hard disk drives, RAID, solid state disks SSD, memory sticks, USB drives, SD cards, tapes and mobile phones.

AnchorFree

AnchorFree

AnchorFree is a Virtual Private Network services provider offering secure encrypted access to the internet.

Randori

Randori

Randori is an attack platform that provides "red-teaming" as a service — basically, staging simulated hack attacks to test for vulnerabilities and gaps in the security response.

Fugue

Fugue

Fugue ensures cloud infrastructure stays in continuous compliance with enterprise security policies.

RiskRecon

RiskRecon

RiskRecon makes it easy to gain deep, risk contextualized insight into the cybersecurity risk performance of all of your third parties.

e.Kraal Innovation Hub

e.Kraal Innovation Hub

e.Kraal is a Cybersecurity Innovation Hub whose mission is to secure the future of Cybersecurity in Kenya by accelerating innovation and creativity in the cyberspace ecosystem.

Brimondo

Brimondo

At Brimondo we help you to maximize and protect your brand value by being a proactive and strategic partner within brand protection with experts within intellectual property and digital assets.

Cira Info Tech

Cira Info Tech

Cira InfoTech’s cyber security and network consulting and managed services deliver unmatched talented resources and capabilities required to design and build an agile and adaptive IT environment.

Zemana

Zemana

Zemana provides innovative cyber-security solutions to deal with complex malicious software and other cyber threats.

Spinnaker Support

Spinnaker Support

Spinnaker Support is a premier global provider of on-premise and cloud-based enterprise software support services.

LogicMonitor

LogicMonitor

LogicMonitor provides SaaS-based IT infrastructure monitoring services for on-premises and multi-cloud environments.