Targeted cyberattacks on the defense sector recorded in Ukraine via a popular messenger.
19.03.2025
1555

Journalist
Shostal Oleksandr
19.03.2025
1555

The CERT-UA team has detected cyberattacks on employees of the defense industry and the Armed Forces of Ukraine.
In March 2025, messages containing reports were found in the Signal messenger. Some messages were sent from individuals with compromised accounts to increase trust.
Typically, these archives contain a .pdf file and an executable file named DarkTortilla. DarkTortilla is a crypter/loader used to launch the remote control program Dark Crystal RAT (DCRAT).
'It should be noted that this activity has been tracked under the identifier UAC-0200 since at least the summer of 2024. Meanwhile, starting in February 2025, the content of the bait messages relates to UAVs, electronic warfare means, etc. The use of popular messengers, both on mobile devices and computers, significantly expands the attack surface, including by creating uncontrolled (in terms of protection means) channels for information exchange,' - CERT-UA reported.
Read also
- Air raid alarm spreads across Ukraine: Russia launched drones and remains silent about a ceasefire
- Trump ready to ramp up sanctions against Russia amid ultimatum from the West – Bloomberg
- Russian Army Transitions to Motorcycles for Assault Operations - Media
- Special Forces entered the enemy's rear and eliminated an assault group of eight Russians
- The Kremlin Uses the Ceasefire Theme for Manipulation - ISW
- On the Siverskyi direction, the Russians have accumulated motorcycles for storming the positions of the Armed Forces of Ukraine