Russian Hackers Attacking Ukraine Military With Malware Via Telegram

Oct. 31, 2024, 8 p.m.

Description

Russian hackers, identified as UNC5812, are targeting the Ukrainian military through a sophisticated cyber operation. The attackers use a deceptive Telegram channel and website posing as a civil defense service to distribute malware for both Windows and Android devices. The Windows attack deploys Pronsis Loader, which installs SUNSPINNER (a decoy mapping application) and PURESTEALER (an information-stealing malware). Android users are targeted with CRAXSRAT, a commercial backdoor malware. The operation spreads through promoted posts in legitimate Ukrainian Telegram channels and employs social engineering tactics. The campaign also includes an influence operation sharing anti-mobilization content across pro-Russian social media networks. This cyber-espionage effort aims to exploit recent changes in Ukraine's mobilization laws and the introduction of digital military IDs.

Date

Published: Oct. 31, 2024, 3:14 p.m.

Created: Oct. 31, 2024, 3:14 p.m.

Modified: Oct. 31, 2024, 8 p.m.

Indicators

Attack Patterns

CRAXSRAT

Pronsis Loader

PURESTEALER

SUNSPINNER

UNC5812

T1608.001

T1588.002

T1189

T1113

T1123

T1005

T1547

T1071

T1102

T1204

T1056

T1584

T1566

T1059

Additional Information

Defense

Government

Ukraine

Russian Federation