Ukraine’s Computer Emergency Response Team (CERT-UA) revealed recently that users of the country’s Delta military intelligence program have been targeted with data-stealing malware.
According to CERT-UA, the attackers have used hacked email accounts belonging to Ministry of Defense employees, as well as messaging applications, to send out messages informing recipients about the need to update certificates in the Delta system. The malicious messages carry documents containing links to archive files hosted on a fake Delta domain.
These files are designed to deploy two pieces of malware onto compromised systems, including one named FateGrab, which harvests emails, databases, scripts and documents, and one called StealDeal, which collects internet browser and other data.
Ukraine has attributed the attack to a group it tracks as UAC-0142, but has not shared any other information on who may be behind the attack.
However, Russia has been known to target the Delta system. Ukrainian journalist Yuriy Butusov said Russian hackers gained limited access to the system earlier this year, but claimed they did not manage to obtain any important information. Butusov’s comments on the subject came after Russia claimed that the Delta system had been hacked.
Ukraine’s Delta system collects information about the enemy, helps coordinate defense forces, and provides situational awareness. It has been touted as a very valuable resource in Ukraine’s arsenal, which likely makes it an important target for Russia’s cyberwarriors.
Russia has intensified cyberattacks against Ukraine since it started planning the country’s invasion, often using wiper malware to cause disruption.
The main concern is that Russia could launch massive cyberattacks targeting critical infrastructure, as shown in the attack involving the Industroyer2 industrial control system (ICS) malware — used earlier this year against a Ukrainian energy provider — and the Pipedream/Incontroller malware designed to manipulate and disrupt industrial processes.
Related: Cybercriminals Seek to Profit From Russia-Ukraine Conflict
Related: Russia Coordinating Cyberattacks With Military Strikes in Ukraine
Related: Russian Use of Cyberweapons in Ukraine and the Growing Threat to the West

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Hive Ransomware Operation Shut Down by Law Enforcement
- UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
- Dozens of Cybersecurity Companies Announced Layoffs in Past Year
- Security Update for Chrome 109 Patches 6 Vulnerabilities
- New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch
- Forward Networks Raises $50 Million in Series D Funding
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
