UA EN RU
All topics
Topics
UA EN RU
Last news
British intelligence assessed the pace of the Russian offensive in Ukraine today, 06:30
Drones attacked the Rostov region today, 04:59
Politico: Kyiv's attempt to attract Trump with rare earth metals ended in political failure today, 04:30
Bessent publicly accused Zelensky of breaking promises regarding subsoil resources today, 02:20
Orban can help Putin return hundreds of billions of frozen assets today, 00:15
Rutte assessed the prospects of Ukraine's NATO membership under Trump yesterday, 22:00
Trump's team explained who is disrupting the minerals agreement between Ukraine and the USA yesterday, 19:45
Financial Times: Ukraine investigates leak of mineral contract with the USA, officials to be polygraphed yesterday, 16:45
Be Afraid to Say: Zelensky Criticizes the US for Its Response to the Attack on Kryvyi Rih yesterday, 16:00
The Telegraph learned who could become the main negotiator with Putin from Europe yesterday, 14:30
The most popular military specialties identified in recruitment centers yesterday, 13:45
High-Precision Lies: Russia Made a Cynical Statement About the Missile Strike on Kryvyi Rih yesterday, 12:15
In Russia, drones destroyed a 'unique' defense plant for fiber optic production yesterday, 11:30
The State Emergency Service reported on the scale of demining since the beginning of the war yesterday, 03:22
Show more

Targeted cyberattacks on the defense sector recorded in Ukraine via a popular messenger.

19.03.2025 775
Shostal Oleksandr
Journalist Shostal Oleksandr
19.03.2025 775
Cyberattacks on the defense sector recorded
Cyberattacks on the defense sector recorded

The CERT-UA team has detected cyberattacks on employees of the defense industry and the Armed Forces of Ukraine.

In March 2025, messages containing reports were found in the Signal messenger. Some messages were sent from individuals with compromised accounts to increase trust.

Typically, these archives contain a .pdf file and an executable file named DarkTortilla. DarkTortilla is a crypter/loader used to launch the remote control program Dark Crystal RAT (DCRAT).

'It should be noted that this activity has been tracked under the identifier UAC-0200 since at least the summer of 2024. Meanwhile, starting in February 2025, the content of the bait messages relates to UAVs, electronic warfare means, etc. The use of popular messengers, both on mobile devices and computers, significantly expands the attack surface, including by creating uncontrolled (in terms of protection means) channels for information exchange,' - CERT-UA reported.

Read also
Read 112.ua in telegramtelegramm logo
Read 112.ua in googlegoogle logo
You may be interested
Tanks at the front in Ukraine
British intelligence assessed the pace of the Russian offensive in Ukraine
today, 06:30 103
Drones attacking the Rostov region
Drones attacked the Rostov region
today, 04:59 120
Political failure in Kyiv: attempt to attract Trump with rare earth metals
Politico: Kyiv's attempt to attract Trump with rare earth metals ended in political failure
today, 04:30 110
Bessent accused Zelensky of violating subsoil resources
Bessent publicly accused Zelensky of breaking promises regarding subsoil resources
today, 02:20 132
Visit of Viktor Orban to Russia
Orban can help Putin return hundreds of billions of frozen assets
today, 00:15 146
Rutte assessed the prospects of Ukraine's NATO membership under Trump
Rutte assessed the prospects of Ukraine's NATO membership under Trump
yesterday, 22:00 167

Advertising