Ukraine’s Military Intelligence Hit By Cyber Attacks

Ukrainian security authorities have confirmed that its Delta military intelligence system has been hit by some cyber attacks. Hackers targeted software critical to Ukraine’s military efforts with information-stealing malware, Ukraine’s Computer Emergency Response Team (CERT-UA) said recently.

The attackers sent messages in mid-December from a hacked email address belonging to a Ukraine Ministry of Defence employee to users of the programme, which is called Delta. CERT-UA publicised the incident a few days later, on December 18. 

The Delta system is used for key situational awareness and collecting information about enemy forces as well as coordinating of defence forces. The Delta system is built to be compatible with NATO equipment and provides a comprehensive understanding of the battle space in real time. It also integrates information about the enemy from various sensors and sources, including those from intelligence, on a digital map. 

The Delta doesn’t require any additional settings and can work on any device: on a laptop, tablet or mobile phone.

The attackers leveraged a compromised Ministry of Defence email account to launch phishing messages in an attempt to lure recipients into installing a fake update to the Delta system. If a recipient clicks on the link, a “certificates_rootca.zip” archive containing the “certificates_rootCA.exe” executable file protected by VMProtect will be downloaded to their computer, CERT-UA has said.   

The email contains a malicious PDF attachment that claims to have instructions on how to initiate the update as well as a malicious ZIP archive link. If the file is clicked, an executable is downloaded onto the computer.

Although VMProtect is legitimate software designed to protect files by containing them in a virtual machine, it is being used here with the purpose of hiding the malicious exe and DLL files from analysis by security tools.
CERT-UA did not attribute the attack, although threat actors tied to the Russian state would be an obvious guess.

Since Russia invaded Ukraine on February 24, 2022, most Western commentators have downplayed the role of offensive cyber operations in Moscow’s larger war effort. Analysts have often called Russian cyber operations unsophisticated, ill-planned, poorly integrated with activities in other domains. 

That the systems have been ably defended by Ukraine and its foreign partners  and have been insignificant  when compared to the large-scale death and destruction caused by physical weapons. But now, Russia is using other more sophisticated hacking groups, most likely from the expert cohort of cyber criminals there, to help them with the war effort.

CERT Ukraine:     Ukraine Military Center:    Carnegie Endowment:      Oodaloop:    The Record:   Wired

Infosecurity Magazine:    Economist:  

You Might Also Read: 

Ukraine Uses Artificial Intelligence To Speed Up Attacks:

 

« Cyber Security Awareness Training For Management & Employees
Four Major Cyber Attacks In 2022: How To Not Repeat History In 2023 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Altius IT

Altius IT

Altius IT reviews your website for security vulnerabilities and provides a report identifying vulnerabilities and recommendations to make secure.

aeCERT

aeCERT

aeCERT is the national Computer Emergency Response Team for the United Arab Emirates.

Wayra UK

Wayra UK

Wayra UK, part of Telefónica Open Future, has been chosen to run a new cyber accelerator facility to help UK start-ups grow and take the lead in producing the next generation of cyber security systems

Center for Research on Scientific & Technical Information (CERIST)

Center for Research on Scientific & Technical Information (CERIST)

CERIST is a scientific and technical research centre with activities focused in the area of networks, information systems and IT security.

Empiric

Empiric

Empiric is a multi-award winning technology and transformation recruitment agency specialising in data, digital, cloud and security.

VS Security Products

VS Security Products

VS Security Products design, manufacture and sell the most extensive range of degaussers and data destroyers on the market, suitable for all types of magnetic media.

Infosec Train

Infosec Train

Infosec Train provide professional training, certifications & professional services related to all spheres of Information Technology and Cyber Security.

HITRUST Alliance

HITRUST Alliance

HITRUST provides widely-adopted common risk and compliance management frameworks, related assessment and assurance methodologies.

Cohesity

Cohesity

Cohesity radically simplifies the way businesses back up, manage, protect, and extract value from their data—in the data center, at the edge, and in the cloud.

MazeBolt Technologies

MazeBolt Technologies

Israel-based MazeBolt is an innovation leader in cybersecurity, with over two decades of experience in pioneering DDoS protection solutions.

Enea

Enea

Enea is one of the world’s leading specialists in software for telecommunications and cybersecurity. Our products are used to enable services for mobile subscribers, enterprise customers and IoT.

Trace3

Trace3

Trace3 is a pioneer in business transformation solutions, empowering organizations to keep pace with the rapid changes in IT innovations and maximize organizational health.

Eleos Labs

Eleos Labs

Eleos Labs' suite of security tools prevent Web3 cyber attacks, reduce economic risks, and protect digital assets.

Bastion Technologies

Bastion Technologies

All your cyber defense. One platform. Keep your business assets and employees safe under one roof. Manage your cyber defense quickly, easily & efficiently.

Zally

Zally

Using advanced behavioural biometrics and AI, Zally is the world's answer to next-generation security.

Revytech

Revytech

Revytech is a tech company providing services in a broad range of areas including IT operations, cyber security and network engineering.