Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Ukraine’s Delta Military Intelligence Program Targeted by Hackers

Ukraine's Delta military program likely targeted by Russia

Ukraine's Delta military program likely targeted by Russia

Ukraine’s Computer Emergency Response Team (CERT-UA) revealed recently that users of the country’s Delta military intelligence program have been targeted with data-stealing malware.

According to CERT-UA, the attackers have used hacked email accounts belonging to Ministry of Defense employees, as well as messaging applications, to send out messages informing recipients about the need to update certificates in the Delta system. The malicious messages carry documents containing links to archive files hosted on a fake Delta domain.

These files are designed to deploy two pieces of malware onto compromised systems, including one named FateGrab, which harvests emails, databases, scripts and documents, and one called StealDeal, which collects internet browser and other data.

Ukraine has attributed the attack to a group it tracks as UAC-0142, but has not shared any other information on who may be behind the attack.

However, Russia has been known to target the Delta system. Ukrainian journalist Yuriy Butusov said Russian hackers gained limited access to the system earlier this year, but claimed they did not manage to obtain any important information. Butusov’s comments on the subject came after Russia claimed that the Delta system had been hacked.

Ukraine’s Delta system collects information about the enemy, helps coordinate defense forces, and provides situational awareness. It has been touted as a very valuable resource in Ukraine’s arsenal, which likely makes it an important target for Russia’s cyberwarriors.

Russia has intensified cyberattacks against Ukraine since it started planning the country’s invasion, often using wiper malware to cause disruption.

The main concern is that Russia could launch massive cyberattacks targeting critical infrastructure, as shown in the attack involving the Industroyer2 industrial control system (ICS) malware — used earlier this year against a Ukrainian energy provider — and the Pipedream/Incontroller malware designed to manipulate and disrupt industrial processes.

Advertisement. Scroll to continue reading.

Related: Cybercriminals Seek to Profit From Russia-Ukraine Conflict

Related: Russia Coordinating Cyberattacks With Military Strikes in Ukraine

Related: Russian Use of Cyberweapons in Ukraine and the Growing Threat to the West

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...