Security Experts:

Connect with us

Hi, what are you looking for?



Ukraine’s Delta Military Intelligence Program Targeted by Hackers

Ukraine's Delta military program likely targeted by Russia

Ukraine's Delta military program likely targeted by Russia

Ukraine’s Computer Emergency Response Team (CERT-UA) revealed recently that users of the country’s Delta military intelligence program have been targeted with data-stealing malware.

According to CERT-UA, the attackers have used hacked email accounts belonging to Ministry of Defense employees, as well as messaging applications, to send out messages informing recipients about the need to update certificates in the Delta system. The malicious messages carry documents containing links to archive files hosted on a fake Delta domain.

These files are designed to deploy two pieces of malware onto compromised systems, including one named FateGrab, which harvests emails, databases, scripts and documents, and one called StealDeal, which collects internet browser and other data.

Ukraine has attributed the attack to a group it tracks as UAC-0142, but has not shared any other information on who may be behind the attack.

However, Russia has been known to target the Delta system. Ukrainian journalist Yuriy Butusov said Russian hackers gained limited access to the system earlier this year, but claimed they did not manage to obtain any important information. Butusov’s comments on the subject came after Russia claimed that the Delta system had been hacked.

Ukraine’s Delta system collects information about the enemy, helps coordinate defense forces, and provides situational awareness. It has been touted as a very valuable resource in Ukraine’s arsenal, which likely makes it an important target for Russia’s cyberwarriors.

Russia has intensified cyberattacks against Ukraine since it started planning the country’s invasion, often using wiper malware to cause disruption.

The main concern is that Russia could launch massive cyberattacks targeting critical infrastructure, as shown in the attack involving the Industroyer2 industrial control system (ICS) malware — used earlier this year against a Ukrainian energy provider — and the Pipedream/Incontroller malware designed to manipulate and disrupt industrial processes.

Related: Cybercriminals Seek to Profit From Russia-Ukraine Conflict

Related: Russia Coordinating Cyberattacks With Military Strikes in Ukraine

Related: Russian Use of Cyberweapons in Ukraine and the Growing Threat to the West

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


The UK’s NCSC has issued a security advisory to warn about spearphishing campaigns conducted by two unrelated Russian and Iranian hacker groups.


Cybercriminals earned significantly less from ransomware attacks in 2022 compared to 2021 as victims are increasingly refusing to pay ransom demands.

Threat Intelligence

How threat intelligence is critical when justifying budget for GRC personnel, and for threat intelligence, incident response, security operations and CISO buyers.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.