
Russia Targets Ukrainian Conscripts With Malware

Russia-linked cyber espionage group UNC5812 has been targeting Ukrainian military conscripts with Windows and Android malware in a sophisticated campaign. Disguised as recruitment-avoidance tools, the malware has been distributed via a Telegram channel named “Civil Defense” and a website registered earlier this year. The campaign was uncovered by Google’s Threat Analysis Group (TAG) and Mandiant in late 2024.

The primary target of this cyber campaign is Ukrainian men of draft age. UNC5812 promotes what it claims is “free software” to help users track and avoid military recruiters. The apps, branded as “Sunspinner,” are designed to appear as crowd-sourced tools but instead deliver potent malware to compromise victims' devices.

According to Google’s report, the Android version installs CraxsRAT, a notorious remote access trojan (RAT) with capabilities such as real-time location tracking, keystroke logging, and camera control. On Windows devices, a malicious ZIP file drops Pronsis Loader, which initiates a multi-stage delivery chain that results in the execution of the PureStealer info-stealer.

The persona of "Civil Defense" does not impersonate any legitimate Ukrainian governmental body. Instead, it uses Telegram and a website to distribute anti-recruitment narratives, intending to foster distrust towards Ukraine’s military efforts.

To deceive users, the malware prompts victims to disable Google Play Protect, making the infection process seamless and reducing the likelihood of detection. Once installed, the Android malware exfiltrates sensitive data such as contacts, SMS, and credentials. The Windows malware steals browser-stored information, cryptocurrency wallet details, and other sensitive information.

This campaign fits into a broader Russian strategy to use cyber tools for both espionage and psychological warfare. As The Record highlighted, UNC5812 doesn’t stop at malware. Its influence operations encourage Telegram followers to submit videos of alleged injustices at recruitment centers, further fueling distrust towards the Ukrainian military.

Google’s TAG emphasized the growing importance of messaging apps like Telegram in the broader cyber dimensions of Russia's war against Ukraine. As long as these platforms continue to serve as crucial information hubs during the war, they are likely to remain central to future cyber operations.


