Hackers have been sending malware messages to Ukrainian servicemen in the Signal messenger under the guise of recruitment to the 3rd Separate Assault Brigade of the Armed Forces of Ukraine and the Israeli Defence Forces (IDF). The government's Computer Emergency Response Team (CERT-UA), which operates under the State Special Communications Service, has taken action against a series of cyberattacks.
According to the State Special Communications Service, the messages contained archived files, which, if opened, infected the devices with REMCOSRAT and REVERSESSH malware, which provided hackers with remote access to them.
"At the same time, the attackers tried to make the names and contents of the archives interesting for the military - 'prisoner interrogation', 'geolocation', 'coding commands', 'call signs', etc.," the agency said.
The suspicious activity was detected by specialists from the US-Japanese company Trendmicro at the end of December 2023 and reported to CERT-UA. They added that the mailing was carried out no later than November 2023.
The State Special Communications Service notes that any suspicious activity on computers and information and communication systems of the Armed Forces of Ukraine must be immediately reported to the ITS Cyber Security Centre (military unit A0334; email: [email protected]).