The Government Response Team CERT-UA at the State Special Communications Service of Ukraine, together with the security administrators of the Ochi system, specialists from the A0334 military unit and the joint response team of the Ministry of Defense of Ukraine and the Armed Forces of Ukraine MILCERT, detected and analyzed two cyberattacks on the mobile devices of the Ukrainian military.
The hackers distributed messages with links to download applications allegedly for the GRISELDA and Ochi military systems via the Signal messenger. In fact, these were files with malware and third-party code.
The purpose of the attacks was to steal credentials to access special military systems, as well as to establish and transmit the GPS coordinates of the device.
In the case of GRISELDA (an AI-enabled information processing system), the link opened a website that mimicked the official project website, offering to download a non-existent mobile version of the GRISELDA application. Instead, the malicious program (backdoor) HYDRA was downloaded to the mobile device.
In the case of the Ochi surveillance system, the file offered for download was a modified version of the program (see the first image). In addition to the regular functionality, it contained a third-party code that could be used to steal user credentials and identify the GPS coordinates of the device.
Thanks to the prompt exchange of information and interaction between specialists from all departments, the probability of the cyber threat being realized was minimized. The State Special Communications Service is grateful to the Google Cloud and Cloudflare teams for their assistance in responding to the incident.
Given the sensitivity of the information circulating in military systems, such attacks are extremely dangerous and can have direct negative consequences for the lives and health of military personnel.
The post CERT-UA detects cyberattacks through fake military apps first appeared on HiTechExpert.top.