A new report reveals that Russian hackers are actively targeting Ukrainian servicemen through messaging apps to obtain their personal data, highlighting the ongoing cyber warfare between the two nations.
These findings come as the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) published its Russian Cyber Operations (H1 2024) analysis.
The research noted that the capabilities of hackers are continually growing, and cyberspace remains a battlefield in its own right.
The SSSCIP noted that corporate services often have robust security measures, so hackers are turning to other channels, including messaging apps, to obtain information. This includes apps like Signal, which are widely used by military personnel and have become a prime target for these attacks.
“Once hackers gather enough personal information, they initiate contact with their target, often impersonating someone they know. In some cases, hackers have even exploited dating platforms to build trust with their victims,” a statement from SSSCIP noted.
Hackers then send a malicious archive with a shortcut, disguised as something relevant to the conversations, such as awards, combat footage or recruitment information. When opened, the archive appears to contain the expected content, but in fact secretly infects the system with malware.
The activity has been attributed to threat actor UAC-0184, a Russia-aligned cyber-espionage actor.
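As an added illustration (not code from the SSSCIP report), the following Python sketch shows how a mail or file gateway could triage a ZIP attachment for the pattern described above: a Windows shortcut hidden among expected-looking content. The decoy extension list, function names and sample file names are assumptions made for this example.

```python
import io
import zipfile

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 (MS-SHLLINK section 2.1).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# Assumed list of extensions a lure might imitate (not from the report).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".jpg", ".png", ".mp4", ".xlsx"}


def triage_archive(data: bytes) -> list[tuple[str, list[str]]]:
    """Return (member name, reasons) for each suspicious member of a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            lower = name.lower()
            reasons = []
            # Check content first: a renamed shortcut still has the header.
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            if head == LNK_MAGIC:
                reasons.append("shell-link header")
            if lower.endswith(".lnk"):
                reasons.append(".lnk extension")
                stem = lower[:-4]
                if any(stem.endswith(ext) for ext in DECOY_EXTS):
                    reasons.append("document/media extension before .lnk")
            if reasons:
                findings.append((name, reasons))
    return findings


def build_sample() -> bytes:
    """Constructed sample archive; contents are inert placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("award_list.pdf.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("footage.mp4", LNK_MAGIC + b"\x00" * 56)  # renamed shortcut
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in triage_archive(build_sample()):
        print(f"{name}: {', '.join(reasons)}")
```

Matching on the header as well as the file name matters because Windows hides the `.lnk` extension in Explorer, so a name-only check misses what the recipient actually sees.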
The report found that between H2 2023 and H1 2024 there has been a 40% increase in incidents involving malware distribution. Overall, there has been a 19% increase in the number of registered incidents.
Cyber-Attack Targets Ukrainian Energy Infrastructure via Supply Chain
The analysis found that the number of high and critical security incidents has overall decreased. However, there has been a significant increase in attacks on government organizations and local authorities.
In the report, SSSCIP noted that energy companies have been targeted via supply chain attacks.
In March 2024, UAC-0002 attempted a destructive attack against nearly 20 Ukrainian energy infrastructure entities, including power, heat and water supply facilities.
During this attack they targeted three supply chains simultaneously. SSSCIP came to this conclusion because in some cases, the initial unauthorized access correlated with the installation of specialized software containing backdoors and vulnerabilities.
In other cases, the attackers compromised the accounts of service provider employees who routinely had access to the Industrial Control Systems (ICS) of organizations for maintenance and technical support.
Malware known as Loadgrip and Biasboat was discovered.
The campaign, the SSSCIP said, was likely to have been intended to amplify the impact of missile strikes on Ukraine’s infrastructure in the spring of 2024.