UA EN RU
All topics
Topics
UA EN RU
Last news
The Kremlin has started to provide shelters: Information about bomb shelters will be available on the Russian portal 'Gosuslugi' yesterday, 16:54
Cyber specialists of the GUR hacked the resources of the Russian manufacturer of strategic bombers yesterday, 16:15
Ukraine has every legal and moral right to nuclear weapons, - Andriy Biletsky yesterday, 14:57
Elon Got Upset: The Real Reasons Behind Musk's Criticism of Trump yesterday, 14:35
The War Split the Russian Economy: Military Production on the Rise, Civil Sectors Declining yesterday, 13:45
The enemy is trying to break through to the south to the administrative border of three regions yesterday, 10:25
Russians mass attacked with drones in Pryluky: there are dead and wounded yesterday, 07:15
Trump bans entry to the USA for citizens of 12 countries yesterday, 04:27
The new commander of the Drone Forces outlined his first steps in office 04.06.2025
Ukrainians will be able to serve in the Armed Forces after 60: an important decision has been made 04.06.2025
Zelensky announced when the exchange of prisoners will take place 04.06.2025
Democrats have lost an effective strategy to combat Trumpism - expert 04.06.2025
SBU showed unique footage of the start of Operation 'Spider Web' 04.06.2025
US-China Talks at Risk Due to Different Approaches of Trump and Xi Jinping 04.06.2025
Show more

Targeted cyberattacks on the defense sector recorded in Ukraine via a popular messenger.

19.03.2025 1860
Shostal Oleksandr
Journalist Shostal Oleksandr
19.03.2025 1860
Cyberattacks on the defense sector recorded
Cyberattacks on the defense sector recorded

The CERT-UA team has detected cyberattacks on employees of the defense industry and the Armed Forces of Ukraine.

In March 2025, messages containing reports were found in the Signal messenger. Some messages were sent from individuals with compromised accounts to increase trust.

Typically, these archives contain a .pdf file and an executable file named DarkTortilla. DarkTortilla is a crypter/loader used to launch the remote control program Dark Crystal RAT (DCRAT).

'It should be noted that this activity has been tracked under the identifier UAC-0200 since at least the summer of 2024. Meanwhile, starting in February 2025, the content of the bait messages relates to UAVs, electronic warfare means, etc. The use of popular messengers, both on mobile devices and computers, significantly expands the attack surface, including by creating uncontrolled (in terms of protection means) channels for information exchange,' - CERT-UA reported.

Read also
Read 112.ua in telegramtelegramm logo
Read 112.ua in googlegoogle logo
You may be interested
The Kremlin has started to provide shelters: Information about bomb shelters will be available on the Russian portal 'Gosuslugi'
The Kremlin has started to provide shelters: Information about bomb shelters will be available on the Russian portal 'Gosuslugi'
yesterday, 16:54 566
Cyber specialists of the GUR hacked the resources of the Russian manufacturer of strategic bombers
Cyber specialists of the GUR hacked the resources of the Russian manufacturer of strategic bombers
yesterday, 16:15 569
Ukraine has every legal and moral right to nuclear weapons, - Andriy Biletsky
Ukraine has every legal and moral right to nuclear weapons, - Andriy Biletsky
yesterday, 14:57 647
Elon Got Upset: The Real Reasons Behind Musk's Criticism of Trump
Elon Got Upset: The Real Reasons Behind Musk's Criticism of Trump
yesterday, 14:35 652
The War Split the Russian Economy: Military Production on the Rise, Civil Sectors Declining
The War Split the Russian Economy: Military Production on the Rise, Civil Sectors Declining
yesterday, 13:45 637
The enemy is trying to break through to the south to the administrative border of three regions
The enemy is trying to break through to the south to the administrative border of three regions
yesterday, 10:25 838

Advertising