DarkCrystal RAT Cyber Attacks Targeting Government Officials in Ukraine
June 6, 2024, 8:35 a.m.
Description
This intelligence document outlines targeted cyber attacks against government officials, military personnel, and defense industry representatives in Ukraine using the DarkCrystal RAT malware. The malware is distributed through the Signal messaging app, disguised as messages from existing contacts or group members. The attacker sends an archive together with its password and instructions to open the file on the victim's computer. The archive contains an executable file that is a RAR self-extracting (RARSFX) archive, which in turn contains malicious VBE, BAT, and EXE files that infect the system with DarkCrystal RAT, enabling unauthorized remote access. The report highlights a growing trend of cyber attacks that use messaging apps and compromised legitimate accounts to entice victims into opening files on their computers.
Date
- Created: June 6, 2024, 8:02 a.m.
- Published: June 6, 2024, 8:02 a.m.
- Modified: June 6, 2024, 8:35 a.m.
Indicators
Attack Patterns
- DarkCrystal RAT
- T1053.001
- T1021.006
- T1589.001
- T1003.001
- T1021.001
- T1053.005
- T1573.002
- T1059.003
- T1071.001
- T1204.002
- T1105
- T1566.001
- T1570
- T1219
- T1027
Additional Information
- Defense
- Government
- Ukraine