Russia's Latest Cyber Campaign Targeting Ukraine Uncovered by Google TAG

Google TAG uncover Russian Cyber attack on Ukraine

Google's Threat Analysis Group ( TAG ) and Mandiant have recently expose a cyberattack target Android and Windows user name UNC5812. This attack, suspect to be Russian espionage and influence operation, was detect in September 2024. The attacker use a Telegram character name"Civil Defense"to distribute malware disguise as free software to people quest military recruiter for draftee in Ukraine. The operation involve a malicious Telegram channel and a web_site set up for this purpose.

The malware distribute in the UNC5812 attack is tailor for different operate system, with Android user being target with a back_door application know as Craxstat. The attacker are also prosecute in influence activity, spread narrative to sabotage support for Ukraine's mobilization attempt. The political_campaign is still ongoing and actively target Ukrainian-language community through promote post in Telegram channels.

Russian espionage Cyber attack purpose to sabotage Ukraine

The goal of the cyber political_campaign is to carry victim to download malware by voyage to a web_site under the attacker' control. The web_site include sociable technology content and detail instruction_manual on disable Google Play Protect to install malicious application. While the political_campaign also advertise support for iOS and macOS malware, the warhead available during the analysis were only for Android and Windows operate systems.

The attacker use a fake version of the legalize Ukrainian-language tool"Civil Defense"to drop malware and misinformation, target person look to articulation the Ukrainian military. Windows user are deliver Pronsis Loader, Sunspinner, and Purestealer, while Android user receive Craxsrat. The malicious web_site justify the installation of application outside the App Store by claim to protect user' security and anonymity.

Russian Cyber political_campaign Against Ukraine's military Efforts

In addition to the espionage operation, the Russian cyber political_campaign purpose to suppress Ukraine's military mobilization attempt through disinformation. The malicious version of the"Civil Defense"site and Telegram channel have been push out anti-Ukrainian military content. The attacker use arsonist video and chat togs to disrepute recruitment attempt and promote anti-mobilization narratives.

Russia's use of cyberattacks as part of its war scheme against Ukraine is not new. The menace group Sandworm is know to actively support Russian military activity in Ukraine. This newly uncover cyber political_campaign highlight the assorted hacker group involve in transport out Russia's cyber war agenda. It is necessity for user to stay argus-eyed and protect their devices from such malicious attack by exploitation security measure like Google Play Protect and Safe Browsing.