Ukraine’s Military Intelligence Hit By Cyber Attacks

Ukrainian security authorities have confirmed that the country’s Delta military intelligence system has been hit by cyber attacks. Hackers targeted software critical to Ukraine’s military efforts with information-stealing malware, Ukraine’s Computer Emergency Response Team (CERT-UA) said recently.

The attackers sent messages in mid-December from a hacked email address belonging to a Ukraine Ministry of Defence employee to users of the programme, which is called Delta. CERT-UA publicised the incident a few days later, on December 18. 

The Delta system is used for key situational awareness, collecting information about enemy forces and coordinating defence forces. It is built to be compatible with NATO equipment and provides a comprehensive understanding of the battle space in real time. It also integrates information about the enemy from various sensors and sources, including those from intelligence, on a digital map.

Delta doesn’t require any additional settings and can work on any device: a laptop, tablet or mobile phone.

The attackers leveraged a compromised Ministry of Defence email account to launch phishing messages in an attempt to lure recipients into installing a fake update to the Delta system. If a recipient clicks on the link, a “certificates_rootca.zip” archive containing the “certificates_rootCA.exe” executable file protected by VMProtect will be downloaded to their computer, CERT-UA has said.   

The email contains a malicious PDF attachment that claims to give instructions on how to initiate the update, as well as a link to a malicious ZIP archive. If the file is clicked, an executable is downloaded onto the computer.

Although VMProtect is legitimate software designed to protect files by containing them in a virtual machine, it is being used here to hide the malicious EXE and DLL files from analysis by security tools.

CERT-UA did not attribute the attack, although threat actors tied to the Russian state would be an obvious guess.
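
As an added example (not from CERT-UA or the original article), the following Python script triages a ZIP like the one described above: it finds PE executables by magic bytes rather than extension and flags VMProtect's default `.vmp0`/`.vmp1` section names. The function names and the sample archive are constructed for illustration, and the section-name check is a heuristic that renamed sections will evade.

```python
import io
import struct
import zipfile

# VMProtect's default section names are .vmp0/.vmp1; builders can rename them,
# so a miss proves nothing. This is a triage heuristic (assumption), not a verdict.
PACKER_PREFIXES = (".vmp",)

def pe_section_names(data: bytes) -> list:
    """Return section names if data parses as a PE image, else an empty list."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    (count,) = struct.unpack_from("<H", data, pe_off + 6)   # NumberOfSections
    (opt,) = struct.unpack_from("<H", data, pe_off + 20)    # SizeOfOptionalHeader
    names = []
    for i in range(count):
        off = pe_off + 24 + opt + 40 * i                    # 40-byte section headers
        if off + 40 > len(data):
            break                                           # truncated section table
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names

def triage_zip(blob: bytes, max_size: int = 64 * 1024 * 1024) -> list:
    """List PE members of a ZIP (by magic bytes, not extension) and flag packer sections."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > max_size:  # skip oversized members
                continue
            sections = pe_section_names(zf.read(info))
            if sections:
                hits = [s for s in sections if s.startswith(PACKER_PREFIXES)]
                findings.append({"member": info.filename, "packer_sections": hits})
    return findings

def build_sample_zip() -> bytes:
    """Constructed sample: header-only PE stubs with no code, named as in the CERT-UA report."""
    def stub(names):
        dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
        coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
        return dos + coff + b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in names)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("certificates_rootCA.exe", stub([".text", ".vmp0", ".vmp1"]))
        zf.writestr("setup.dat", stub([".text", ".rdata"]))   # PE behind a data extension
        zf.writestr("readme.txt", "constructed sample")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

Any PE member in an archive that arrives by email is worth a closer look on its own; a non-empty `packer_sections` list only raises the priority.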

Since Russia invaded Ukraine on February 24, 2022, most Western commentators have downplayed the role of offensive cyber operations in Moscow’s larger war effort. Analysts have often called Russian cyber operations unsophisticated, ill-planned and poorly integrated with activities in other domains.

They have also said that the systems have been ably defended by Ukraine and its foreign partners, and that such operations have been insignificant when compared to the large-scale death and destruction caused by physical weapons. But now, Russia is using other, more sophisticated hacking groups, most likely from the expert cohort of cyber criminals there, to help with the war effort.

Sources: CERT Ukraine, Ukraine Military Center, Carnegie Endowment, Oodaloop, The Record, Wired, Infosecurity Magazine, Economist
