UA EN RU
All topics
Topics
UA EN RU
Last news
The Special Representative of the Council of Europe outlined priorities for the protection of Ukrainian children today, 14:35
Tanks, Air Defense, Drones, and Shells: Germany Announces New Military Aid Package for Ukraine today, 13:45
Russia is using Greek tankers to bypass sanctions - external intelligence today, 13:20
The RF army is advancing in two directions on the eastern front today, 12:05
Russia has lost its naval bases in the Mediterranean Sea today, 10:50
The USA strengthens its military presence near Iran today, 10:00
ISW reveals Putin's plans: which region of Ukraine will come under attack today, 01:47
Palisa reported when Russia may intensify offensive actions yesterday, 22:51
Trump raised tariffs for China: The White House clarified the figures yesterday, 22:43
There are two paths: The Economist explained why Europe should spend more money on Ukraine yesterday, 18:29
Beijing called Zelensky's remarks about Chinese soldiers irresponsible yesterday, 16:40
'Not yet convinced': Trump was struck by the statement about China's involvement in the war against Ukraine yesterday, 14:35
Zelensky said who should control the ceasefire yesterday, 13:37
The Mayor of Kharkiv spoke about the new tactic of Russian strikes on the city yesterday, 12:52
Show more

Targeted cyberattacks on the defense sector recorded in Ukraine via a popular messenger.

19.03.2025 877
Shostal Oleksandr
Journalist Shostal Oleksandr
19.03.2025 877
Cyberattacks on the defense sector recorded
Cyberattacks on the defense sector recorded

The CERT-UA team has detected cyberattacks on employees of the defense industry and the Armed Forces of Ukraine.

In March 2025, messages containing reports were found in the Signal messenger. Some messages were sent from individuals with compromised accounts to increase trust.

Typically, these archives contain a .pdf file and an executable file named DarkTortilla. DarkTortilla is a crypter/loader used to launch the remote control program Dark Crystal RAT (DCRAT).

'It should be noted that this activity has been tracked under the identifier UAC-0200 since at least the summer of 2024. Meanwhile, starting in February 2025, the content of the bait messages relates to UAVs, electronic warfare means, etc. The use of popular messengers, both on mobile devices and computers, significantly expands the attack surface, including by creating uncontrolled (in terms of protection means) channels for information exchange,' - CERT-UA reported.

Read also
Read 112.ua in telegramtelegramm logo
Read 112.ua in googlegoogle logo
You may be interested
Image of a child with the Ukrainian flag
The Special Representative of the Council of Europe outlined priorities for the protection of Ukrainian children
today, 14:35 93
Tanks on the front line in Ukraine
Tanks, Air Defense, Drones, and Shells: Germany Announces New Military Aid Package for Ukraine
today, 13:45 90
Greek oil tankers for bypassing sanctions
Russia is using Greek tankers to bypass sanctions - external intelligence
today, 13:20 86
The RF army is advancing on the eastern front
The RF army is advancing in two directions on the eastern front
today, 12:05 141
Russian naval bases in the Mediterranean Sea
Russia has lost its naval bases in the Mediterranean Sea
today, 10:50 148
Positioning of American military power near Iran
The USA strengthens its military presence near Iran
today, 10:00 163

Advertising