Ukrainian experts from CERT-UA and MILCERT have detected and analyzed two cyberattacks on Ukrainian military mobile devices. The hackers tried not only to steal information from the devices but also to gain access to the GPS coordinates of the Ukrainian Armed Forces.
The hackers distributed messages with links to download applications, such as the military systems GRISELDA and «Eyes», via the Signal messenger. In fact, these were files with malware and third-party code.
The State Special Communications Service notes that the main purpose of the attacks was to steal credentials to access special military systems. The attackers also tried to establish and transmit the GPS coordinates of the military’s devices.
In the case of GRISELDA (an AI-enabled information processing system), the link opened a website that imitated the official project website. There, visitors were offered to download a non-existent mobile version of the GRISELDA application. Instead, a malicious program (backdoor) called HYDRA was downloaded to the mobile device.
In the case of the «Eyes» surveillance system, it was proposed to download a file that was a modified version of the program. In addition to the regular functionality, it contained third-party code that could be used by the attackers to steal user credentials and identify the GPS coordinates of the device.
«Thanks to the prompt exchange of information and interaction between specialists from all departments, the likelihood of a cyber threat was minimized», the agency said.
Spelling error report
The following text will be sent to our editors: