The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign targeting the defense sector with Dark Crystal RAT (aka DCRat).
The campaign, detected earlier this month, targeted both employees of the defense-industrial complex and individual representatives of the Ukrainian defense forces.
The activity involves distributing malicious messages through the Signal messaging application that contain purported meeting minutes. Some of these messages are sent from previously compromised Signal accounts to increase the likelihood that the attacks succeed.
The minutes are shared as archive files that contain a PDF and an executable. The executable is a .NET-based evasive crypter called DarkTortilla, which decrypts and launches the DCRat malware.
DCRat, a well-documented remote access trojan (RAT), facilitates the execution of arbitrary commands, steals valuable information, and establishes remote control over infected devices.
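A triage check for the delivery pattern described above (an archive carrying a PDF next to an executable), as an added example that is not code from CERT-UA or the original article. It assumes the archive is a ZIP, classifies members by their leading bytes rather than by file name, and uses constructed sample archives with hypothetical file names.

```python
import io
import zipfile

PDF_MAGIC = b"%PDF-"   # start of a PDF document
PE_MAGIC = b"MZ"       # DOS/PE header of a Windows executable
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")

def classify(name, head):
    """Classify a member by its leading bytes first, file name second."""
    if head.startswith(PE_MAGIC):
        return "executable"
    if head.startswith(PDF_MAGIC):
        return "pdf"
    if name.lower().endswith(EXEC_EXTS):
        return "executable"
    return "other"

def triage_archive(data):
    """Return (suspicious, {member: kind}) for a ZIP supplied as bytes.

    An archive is suspicious when it holds both a PDF and an executable.
    """
    kinds = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted member: content unreadable
                kinds[info.filename] = "encrypted"
                continue
            with zf.open(info) as fh:
                kinds[info.filename] = classify(info.filename, fh.read(8))
    return {"pdf", "executable"} <= set(kinds.values()), kinds

def build_sample(members):
    """Build a constructed in-memory ZIP from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples; names and contents are hypothetical, not from the campaign.
PDF_BODY = b"%PDF-1.7\n% constructed sample\n"
LURE = build_sample({"meeting_minutes.pdf": PDF_BODY,
                     "meeting_minutes.pdf.dat": b"MZ\x90\x00constructed stub"})
BENIGN = build_sample({"meeting_minutes.pdf": PDF_BODY, "notes.txt": b"agenda"})

if __name__ == "__main__":
    for label, blob in (("lure", LURE), ("benign", BENIGN)):
        print(label, triage_archive(blob))
```

The second member of the lure sample has a harmless-looking extension but an `MZ` header, which is why the check reads content instead of trusting the name.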
CERT-UA attributes the activity to a threat cluster it tracks as UAC-0200, which is known to have been active since at least the summer of 2024.
“The use of popular messengers, both on mobile devices and on computers, greatly expands the attack surface, including through the creation of uncontrolled (in the context of protection) information-sharing channels,” the agency added.
The development follows Signal's alleged decision to stop responding to requests from Ukrainian law enforcement agencies regarding Russian cyber threats, according to The Record.
“With its inaction, Signal is helping the Russians collect information, target our soldiers, and compromise state officials,” said Serhii Demediuk, the Deputy Secretary of the National Security and Defense Council of Ukraine.
However, Signal CEO Meredith Whittaker refuted the claim, stating, “We do not officially work with any governments, Ukraine or otherwise, and we have never stopped. We are not sure where it came from and why.”
It also follows reports from Microsoft and Google that Russian cyber actors are increasingly focusing on gaining unauthorized access to WhatsApp and Signal accounts by abusing the device linking feature, as Ukrainians have turned to Signal as an alternative to Telegram.