UAC-0184: Targeted attacks on Ukrainian servicemen using the recruiting theme related to the 3rd Separate Special Purpose Brigade and the Israeli Defense Forces (IDF)
released on 2024-01-11 @ 10:35:39 PM
Trend Micro experts informed CERT-UA on 22.12.2023 about the discovery of suspicious files, most of which were related to the theme of war.
Based on the information received, CERT-UA took measures to investigate a series of cyber attacks that, under the guise of recruiting for the 3rd Separate Special Purpose Brigade and the Israeli Defense Forces (IDF), are targeting servicemen of the Armed Forces of Ukraine.
It has been determined that, since no later than November 2023, unidentified individuals have been using Signal to distribute archives containing LNK files. Executing these files initiates an infection chain with the REMCOSRAT and REVERSESSH malware, which creates the technical conditions for the attackers to gain unauthorized remote access to the computers.
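For triage of archives received over a messenger, the following added example (not part of the CERT-UA advisory) lists shortcut files inside an archive before anything is opened. It assumes ZIP archives and goes beyond the text by matching the Shell Link header as well as the `.lnk` extension and by descending into nested ZIPs; the function names, reason labels and sample file names are hypothetical.

```python
import io
import struct
import zipfile

# Shell Link header (MS-SHLLINK): HeaderSize 0x0000004C, then LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")
MAX_NESTED = 50 * 1024 * 1024  # do not unpack nested archives larger than this
MAX_DEPTH = 3                  # bound recursion into archives inside archives


def find_lnk_members(data, depth=0, prefix=""):
    """Return sorted (path, reason) pairs for shortcut files found in ZIP bytes."""
    hits = []
    if depth > MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            named_lnk = info.filename.lower().endswith(".lnk")
            if info.flag_bits & 0x1:  # encrypted member: only the name is visible
                if named_lnk:
                    hits.append((path, "lnk-extension-encrypted"))
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            if head == LNK_MAGIC:
                hits.append((path, "lnk-header" if named_lnk else "lnk-header-other-extension"))
            elif named_lnk:
                hits.append((path, "lnk-extension-only"))
            elif head[:4] == b"PK\x03\x04" and info.file_size <= MAX_NESTED:
                hits += find_lnk_members(zf.read(info), depth + 1, path + "!")
    return sorted(hits)


def build_sample():
    """Constructed test archive: stub shortcut headers only, no real payload."""
    fake_lnk = LNK_MAGIC + b"\x00" * 56  # header-sized stub, not a working shortcut
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("docs/form.lnk", fake_lnk)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", b"constructed sample text")
        zf.writestr("application.pdf", fake_lnk)
        zf.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()
```

Calling `find_lnk_members(build_sample())` reports the two constructed shortcut stubs; on a real archive, pass the file's bytes and treat any hit as a reason to quarantine the archive for analysis.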