UA EN RU
All topics
Topics
UA EN RU
Last news
Rwanda and Congo signed a peace agreement mediated by the USA today, 02:15
End of Negotiations: Trump Sharply Changed Course in Dialogue with Canada on Tariffs today, 02:12
Ukraine is not ready for negotiations: Yermak revealed details of the conversation with advisors on the security of Western countries today, 00:05
Zelensky held a 'Technological Stake': priorities marked for drone production yesterday, 22:38
The Ministry of Foreign Affairs revealed the scale of Russian terror with cluster munitions yesterday, 21:01
The European Parliament rejected the consideration of the petition regarding the Finnish-Russian border yesterday, 20:06
It is very important to protect the population: Shmyhal has given instructions regarding electronic warfare yesterday, 14:35
Russians have changed their assault strategy - Defense Forces yesterday, 13:20
The White House is Cutting Funding for War Crimes Investigations in Ukraine yesterday, 12:30
The Office of the Prosecutor General is looking for a new head of the Internal Security Department yesterday, 12:13
Chemical Weapons: OPCW Found New Evidence of Russian War Crimes yesterday, 11:40
The Beginning of the End: Why Khamenei May Become Iran's Last Supreme Leader yesterday, 11:15
China responded to accusations of supplying weapons to parties in the war in Ukraine yesterday, 10:00
The Pentagon responded to whether the States have information about Iran's hidden uranium stockpile yesterday, 03:55
Show more

Targeted cyberattacks on the defense sector recorded in Ukraine via a popular messenger.

19.03.2025 2294
Shostal Oleksandr
Journalist Shostal Oleksandr
19.03.2025 2294
Cyberattacks on the defense sector recorded
Cyberattacks on the defense sector recorded

The CERT-UA team has detected cyberattacks on employees of the defense industry and the Armed Forces of Ukraine.

In March 2025, messages containing reports were found in the Signal messenger. Some messages were sent from individuals with compromised accounts to increase trust.

Typically, these archives contain a .pdf file and an executable file named DarkTortilla. DarkTortilla is a crypter/loader used to launch the remote control program Dark Crystal RAT (DCRAT).

'It should be noted that this activity has been tracked under the identifier UAC-0200 since at least the summer of 2024. Meanwhile, starting in February 2025, the content of the bait messages relates to UAVs, electronic warfare means, etc. The use of popular messengers, both on mobile devices and computers, significantly expands the attack surface, including by creating uncontrolled (in terms of protection means) channels for information exchange,' - CERT-UA reported.

Read also
Read 112.ua in telegramtelegramm logo
Read 112.ua in googlegoogle logo
You may be interested
Rwanda and Congo signed a peace agreement mediated by the USA
Rwanda and Congo signed a peace agreement mediated by the USA
today, 02:15 557
End of Negotiations: Trump Sharply Changed Course in Dialogue with Canada on Tariffs
End of Negotiations: Trump Sharply Changed Course in Dialogue with Canada on Tariffs
today, 02:12 611
Ukraine is not ready for negotiations: Yermak revealed details of the conversation with advisors on the security of Western countries
Ukraine is not ready for negotiations: Yermak revealed details of the conversation with advisors on the security of Western countries
today, 00:05 658
Zelensky held a 'Technological Stake': priorities marked for drone production
Zelensky held a 'Technological Stake': priorities marked for drone production
yesterday, 22:38 779
The Ministry of Foreign Affairs revealed the scale of Russian terror with cluster munitions
The Ministry of Foreign Affairs revealed the scale of Russian terror with cluster munitions
yesterday, 21:01 763
The European Parliament rejected the consideration of the petition regarding the Finnish-Russian border
The European Parliament rejected the consideration of the petition regarding the Finnish-Russian border
yesterday, 20:06 930

Advertising