Watch on Demand: Attack Surface Management Summit | All Sessions Now Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Ukraine’s Delta Military Intelligence Program Targeted by Hackers

Ukraine's Delta military program likely targeted by Russia

Ukraine's Delta military program likely targeted by Russia

Ukraine’s Computer Emergency Response Team (CERT-UA) revealed recently that users of the country’s Delta military intelligence program have been targeted with data-stealing malware.

According to CERT-UA, the attackers have used hacked email accounts belonging to Ministry of Defense employees, as well as messaging applications, to send out messages informing recipients about the need to update certificates in the Delta system. The malicious messages carry documents containing links to archive files hosted on a fake Delta domain.

These files are designed to deploy two pieces of malware onto compromised systems, including one named FateGrab, which harvests emails, databases, scripts and documents, and one called StealDeal, which collects internet browser and other data.

Ukraine has attributed the attack to a group it tracks as UAC-0142, but has not shared any other information on who may be behind the attack.

However, Russia has been known to target the Delta system. Ukrainian journalist Yuriy Butusov said Russian hackers gained limited access to the system earlier this year, but claimed they did not manage to obtain any important information. Butusov’s comments on the subject came after Russia claimed that the Delta system had been hacked.

Ukraine’s Delta system collects information about the enemy, helps coordinate defense forces, and provides situational awareness. It has been touted as a very valuable resource in Ukraine’s arsenal, which likely makes it an important target for Russia’s cyberwarriors.

Russia has intensified cyberattacks against Ukraine since it started planning the country’s invasion, often using wiper malware to cause disruption.

The main concern is that Russia could launch massive cyberattacks targeting critical infrastructure, as shown in the attack involving the Industroyer2 industrial control system (ICS) malware — used earlier this year against a Ukrainian energy provider — and the Pipedream/Incontroller malware designed to manipulate and disrupt industrial processes.

Advertisement. Scroll to continue reading.

Related: Cybercriminals Seek to Profit From Russia-Ukraine Conflict

Related: Russia Coordinating Cyberattacks With Military Strikes in Ukraine

Related: Russian Use of Cyberweapons in Ukraine and the Growing Threat to the West

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Bob Turner has been named CISO at Penn State University.

V2X has appointed Christopher Carter as CISO.

Andrew McLaughlin has been appointed Chief Operating Officer at SandboxAQ.

More People On The Move

Expert Insights