Hackers are using Signal to send phishing links to defense industry employees and representatives of the Defense Forces. What to avoid

Attackers sent phishing messages with malicious archives via Signal. The attached files were disguised as meeting reports. Sometimes the messages appeared to come from familiar contacts who had been compromised by hackers.

Typically, the mentioned archives contain a file with the extension «.pdf», as well as an executable file classified as DarkTortilla, which is a cryptor/loader software tool whose purpose is to decrypt and launch (including by injection) the Dark Crystal RAT (DCRAT) remote control software tool.

CERT-UA has noticed similar criminal activity with the identifier UAC-0200. It has been observed since the summer of 2024. This year, starting in February, the decoy messages mostly mention UAVs, electronic warfare equipment, and other military technologies.

Read the country’s main IT news in our Telegram

On the topic

Read the country’s main IT news in our Telegram

Hackers from the Lazarus group attacked another crypto exchange after Bybit. How OKX was affected

On the topic

Hackers from the Lazarus group attacked another crypto exchange after Bybit. How OKX was affected

72% of cyber incidents have a medium level of criticality. Cyber ​​expert from the Ministry of Defense on attacks on the ministry by Russian hackers: method, countermeasures and bias

On the topic

72% of cyber incidents have a medium level of criticality. Cyber ​​expert from the Ministry of Defense on attacks on the ministry by Russian hackers: method, countermeasures and bias

Attackers are using the EvilLoader exploit to force Telegram users on Android to install malicious software. What the messenger’s representatives say about this

On the topic

Attackers are using the EvilLoader exploit to force Telegram users on Android to install malicious software. What the messenger’s representatives say about this