Hackers target Ukraine’s Delta Military Intelligence Program

Share post:

The Ukrainian military has alerted the national cybersecurity response team to a phishing campaign whose operators plan to steal files and siphon internet browser data.

According to CERT-UA (Computer Emergency Response Team of Ukraine), the attackers utilised hacked email accounts belonging to Ministry of Defense employees, as well as chat apps, to send out messages informing recipients about the need to update Delta system certificates. The malicious emails include documents with links to archive files hosted on a fake Delta domain.

The email in question contains a malicious PDF attachment with instructions on how to do so, as well as a link to a malicious ZIP archive.

If a recipient clicks on the link, a “certificates_rootca.zip” archive containing the “certificates_rootCA.exe” executable file protected by VMProtect will be downloaded to their computer, CERT-UA said.

“After running the exe file, several DLL files, also protected by VMProtect, and an ‘ais.exe’ file simulating the certificate installation process will be created on the PC,” it added.

According to CERT-UA, the executable contained in the malicious zip file that users were urged to download from the site was also compiled and digitally signed. It ran an application simulating the certificate installation process on a Windows desktop to make the infection process appear legitimate.

Two malicious applications were launched by the malware. One, dubbed “FateGrab” by CERT-UA, searched for files associated with documents, such as Microsoft Office file extensions, as well as files such as stored PowerShell commands or script files. FTP was the threat actor’s method of exfiltration.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

YouTubers Targeted As Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results

Attackers have found a new way to infect people seeking pirated or cracked software: planting malicious download links...

New macOS Malware Exploits Apple’s Security Features to Stay Hidden and Steal User Data

A newly discovered variant of the Banshee macOS Stealer malware is putting 100 million Apple users at risk...

Microsoft MFA Outage Blocks Access to Microsoft 365 Apps, Raising Cloud Reliability Concerns

Microsoft faced another significant service disruption over the weekend, with a Multi-Factor Authentication (MFA) outage that blocked users...

Cyber Attack Hits Key Dutch University, Raising Concerns for Chip Giant ASML

Eindhoven University of Technology, a critical partner for semiconductor giant ASML Holding NV, has been hit by a...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways