Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives

Tags

External References

• https://cloud.google.com/
• https://otx.alienvault.com/

Description

A Russian hybrid espionage and influence operation, dubbed UNC5812, targets potential Ukrainian military recruits through a Telegram persona called 'Civil Defense'. The campaign delivers Windows and Android malware, including SUNSPINNER, PURESTEALER, and CRAXSRAT, while simultaneously spreading anti-mobilization narratives. The operation uses social engineering tactics to bypass security measures and gain extensive permissions on victims' devices. UNC5812 also engages in influence activities to undermine Ukraine's mobilization efforts by soliciting and sharing content that discredits Ukrainian military recruitment practices. The campaign leverages both a dedicated website and Telegram channel to distribute malware and propagate anti-mobilization messages.

Date