Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Russian Hackers Target Ukraine via Telegram

October 29, 2024
Reading Time: 2 mins read
in Alerts
Russian Hackers Target Ukraine via Telegram

A suspected Russian espionage group, tracked by Google’s Threat Analysis Group (TAG) and Mandiant as UNC5812, is leveraging the popular messaging platform Telegram to deliver malware targeting the Ukrainian military. Operating under the guise of a channel named “Civil Defense,” which was created on September 10, 2024, the group claims to provide free software programs aimed at helping potential conscripts locate and share crowdsourced information about military recruiters. However, the true intent behind this operation is to distribute malicious applications designed to compromise both Windows and Android devices.

Upon closer inspection, users who interact with the Civil Defense channel are led to download a malicious APK, specifically crafted to bypass Google Play Protect. This APK, identified by the package name “com.http.masters,” deploys a notorious remote access trojan known as CraxsRAT. Once installed, CraxsRAT grants the attackers extensive control over the victim’s device, enabling functionalities such as keylogging, screen and camera recording, and remote device management. This level of access poses significant risks, allowing the group to gather sensitive information from targeted individuals within the military.

For Windows users, the malware delivery process involves a ZIP archive that contains a newly discovered PHP-based malware loader called Pronsis. This loader is utilized to distribute additional malicious payloads, including an off-the-shelf data stealer known as PureStealer, which is marketed for prices ranging from $150 for a monthly subscription to $699 for a lifetime license. Additionally, a decoy mapping application named SUNSPINNER is deployed, displaying purported locations of military recruiters based on information from the group’s command-and-control server, further misleading victims.

Beyond merely compromising devices, UNC5812’s campaign serves a dual purpose of psychological warfare and disinformation. The group actively disseminates narratives aimed at undermining support for Ukraine’s mobilization and military recruitment efforts, utilizing messaging apps as a critical vector for malware delivery. This approach exemplifies the evolving tactics of cyber espionage, highlighting the significant role of social media and messaging platforms in contemporary warfare. As this conflict continues to unfold, the potential for cyberattacks to disrupt not only military operations but also societal cohesion remains a pressing concern.

Reference:
  • Russian Espionage Group Delivers Malware to Ukrainian Military via Telegram
Tags: CraxsRATCyber AlertsCyber Alerts 2024Cyber threatsGoogleMalwareMandiantMilitaryOctober 2024RussiaTelegramUkraineUNC5812
ADVERTISEMENT

Related Posts

FreeDrain Phishing Steals Crypto Funds

FBI Warns Cybercriminals Exploit Routers

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

X Scam Targets Crypto Users with Fake Ads

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

FreeDrain Phishing Steals Crypto Funds

May 9, 2025
COLDRIVER Hackers Target Sensitive Data

COLDRIVER Hackers Target Sensitive Data

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

CoGUI Targets Consumer and Finance Brands

May 8, 2025

Latest Alerts

X Scam Targets Crypto Users with Fake Ads

FBI Warns Cybercriminals Exploit Routers

FreeDrain Phishing Steals Crypto Funds

CoGUI Targets Consumer and Finance Brands

COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

Subscribe to our newsletter

    Latest Incidents

    LockBit Ransomware Data Leaked After Hack

    Spanish Consumer Group Faces Cyberattack

    Education Giant Pearson Hit by Data Breach

    Masimo Cyberattack Disrupts Manufacturing

    Cyberattack Targets Tepotzotlán Facebook

    West Lothian Schools Hit by Ransomware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial