The Government Computer Emergency Response Team of Ukraine CERT-UA detected and neutralized another cyber attack on representatives of the Defense Forces of Ukraine. Criminals tried to infect military computers with malicious software.
This was reported by the State Service of Special Communications and Information Protection of Ukraine.
The attack was carried out through the Signal messenger. Cybercriminals sent the military an XLS document in the guise of a report and, impersonating a colleague, asked for help in creating a report. This document contained malicious code — if the victim opens it, it downloads the COOKBOX malware onto the computer.
According to CERT-UA, similar cyberattacks have been attempted to be carried out point by point since the fall of 2023. Such activity is tracked by the identifier UAC-0149.
In one of the military units, computers were prevented from being infected thanks to EDR class protection technology. CERT-UA emphasizes the need to install such technologies on all computers of the Defense Forces of Ukraine. For this, you need to contact the ITS Cyber Security Center (military unit A0334; e-mail address: [email protected] ).