Russian hackers have increased the number of cyberattacks on the mobile devices of the Ukrainian military, the State Service for Special Communications reports, citing the analytical report "Russian Cyber Operations" H2 '2023 by specialists of the government's Computer Emergency Response Team of Ukraine (CERT-UA).
In the second half of 2023, hackers affiliated with the GRU actively used messengers and social engineering to spread malware.
Key points in attacks on mobile devices:
- using legitimate products as disguises: hackers disguised spyware as installers of legitimate software, such as the Kropyva situational awareness system
- spreading malware via Signal and Telegram: attackers used these messengers to distribute malicious files, disguising them as cybersecurity instructions from CERT-UA
- rapid response and adaptation: hackers reacted quickly to new defence methods and developed new attack vectors
- targeting Windows software: most attacks through messengers were aimed at spreading malware for Windows, as many military personnel use the desktop versions of messengers
- use of decoy files: the attackers distributed malware in the form of ZIP or RAR archives, disguising them as certificate updates for the Delta situational awareness system.
The State Special Communications Service of Ukraine calls on the Ukrainian military to be vigilant and to follow these recommendations:
- do not download files from unknown sources, even if they come from people you know
- do not open links in suspicious messages
- update the operating system and software on your devices
- use strong passwords and do not use the same password for different accounts.