Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives

Oct. 29, 2024, 1:27 p.m.

Description

A Russian hybrid espionage and influence operation, dubbed UNC5812, targets potential Ukrainian military recruits through a Telegram persona called 'Civil Defense'. The campaign delivers Windows and Android malware, including SUNSPINNER, PURESTEALER, and CRAXSRAT, while simultaneously spreading anti-mobilization narratives. The operation uses social engineering tactics to bypass security measures and gain extensive permissions on victims' devices. UNC5812 also engages in influence activities to undermine Ukraine's mobilization efforts by soliciting and sharing content that discredits Ukrainian military recruitment practices. The campaign leverages both a dedicated website and Telegram channel to distribute malware and propagate anti-mobilization messages.

Date

Published: Oct. 28, 2024, 3:48 p.m.

Created: Oct. 28, 2024, 3:48 p.m.

Modified: Oct. 29, 2024, 1:27 p.m.

Indicators

b4f7414f3c6de7cad88c4178ecfc8201d123fb6db9a5ecd8053f7750757d154e

206.71.149.194

185.169.107.44

Attack Patterns

CRAXSRAT

Pronsis Loader

PURESTEALER

SUNSPINNER

UNC5812

T1553.001

T1059.006

T1059.007

T1114

T1056.001

T1113

T1199

T1005

T1573

T1071

T1102

T1204

T1140

T1027

T1041

T1001

T1566

T1059

CVE-2024-47575

Additional Information

Defense

Government

Ukraine