Ukraine’s governmental Computer Emergency Response Team (CERT-UA) took measures against a series of cyberattacks in which attackers sent messages carrying malware to the Armed Forces of Ukraine via the Signal messenger. The messages were themed around recruitment to the Third Separate Assault Brigade of the Armed Forces of Ukraine and the Israeli Defense Forces (IDF).
Trend Micro specialists detected the suspicious activity at the end of December 2023 and reported it to CERT-UA. The attackers’ messages contain archive files which, when launched, infect the computer with the REMCOSRAT and REVERSESSH malware. The names and contents of the archives are chosen to interest military personnel: “prisoner interrogation”, “geolocation”, “coding commands”, “call signs”, etc.
CERT-UA notes that, despite the use of publicly available tools (which may lead to similarities with other attacks), the described activity is a separate cluster of cyber threats because of other specific features, and it is tracked under the identifier UAC-0184.