UA EN RU
All topics
Topics
UA EN RU
Last news
Canada has imposed sanctions against the coach and lover of Putin yesterday, 23:43
The Russian missile program essentially consists of propaganda - expert yesterday, 22:44
Pro-Russian cultural center in Berlin costs Germany €70,000 per year yesterday, 22:39
Trump announced full control of the U.S. and Israel over Iranian airspace and demanded Tehran's capitulation yesterday, 20:51
Pension payments for disabled servicemen: what is important to know yesterday, 19:31
CPD explained why the Russian Federation is systematically shutting down mobile internet in the regions yesterday, 18:58
Summer Offensive of the Enemy: The Russian Army Activates on Seven Fronts yesterday, 16:15
Germany co-finances three drone production projects in Ukraine yesterday, 15:50
Surrounded Kyiv: Air Force Reveals Tactics of Terrorist Attack on the Capital yesterday, 15:25
Benefits for Fiber-Optic Controlled Drone Manufacturers: What Has Changed yesterday, 14:10
National Police Conducted Over 940 Searches Resulting in the Seizure of Illegal Weapons yesterday, 13:20
Held for four days: Israel announces the elimination of Iran's new Chief of Staff yesterday, 13:08
Ukraine prepares for provocations during Russian-Belarusian exercises yesterday, 12:55
Over 2300 medical facilities damaged or destroyed due to the war - Ministry of Health yesterday, 12:05
Show more

Targeted cyberattacks on the defense sector recorded in Ukraine via a popular messenger.

19.03.2025 2088
Shostal Oleksandr
Journalist Shostal Oleksandr
19.03.2025 2088
Cyberattacks on the defense sector recorded
Cyberattacks on the defense sector recorded

The CERT-UA team has detected cyberattacks on employees of the defense industry and the Armed Forces of Ukraine.

In March 2025, messages containing reports were found in the Signal messenger. Some messages were sent from individuals with compromised accounts to increase trust.

Typically, these archives contain a .pdf file and an executable file named DarkTortilla. DarkTortilla is a crypter/loader used to launch the remote control program Dark Crystal RAT (DCRAT).

'It should be noted that this activity has been tracked under the identifier UAC-0200 since at least the summer of 2024. Meanwhile, starting in February 2025, the content of the bait messages relates to UAVs, electronic warfare means, etc. The use of popular messengers, both on mobile devices and computers, significantly expands the attack surface, including by creating uncontrolled (in terms of protection means) channels for information exchange,' - CERT-UA reported.

Read also
Read 112.ua in telegramtelegramm logo
Read 112.ua in googlegoogle logo
You may be interested
Canada has imposed sanctions against the coach and lover of Putin
Canada has imposed sanctions against the coach and lover of Putin
yesterday, 23:43 309
The Russian missile program essentially consists of propaganda - expert
The Russian missile program essentially consists of propaganda - expert
yesterday, 22:44 432
Pro-Russian cultural center in Berlin costs Germany €70,000 per year
Pro-Russian cultural center in Berlin costs Germany €70,000 per year
yesterday, 22:39 390
Trump announced full control of the U.S. and Israel over Iranian airspace and demanded Tehran's capitulation
Trump announced full control of the U.S. and Israel over Iranian airspace and demanded Tehran's capitulation
yesterday, 20:51 615
Pension payments for disabled servicemen: what is important to know
Pension payments for disabled servicemen: what is important to know
yesterday, 19:31 604
CPD explained why the Russian Federation is systematically shutting down mobile internet in the regions
CPD explained why the Russian Federation is systematically shutting down mobile internet in the regions
yesterday, 18:58 698

Advertising