CERT-UA Warns of Escalating Cyberattacks Targeting Ukraine’s Defense Sector with DarkCrystal RAT

Summary: CERT-UA has warned of targeted cyberattacks against employees of Ukraine’s defense industry and members of the Armed Forces, activity it tracks under the identifier UAC-0200. The attacks deliver the DarkCrystal RAT malware and rely on social engineering, primarily through the Signal messaging app, to distribute malicious files. The campaign has evolved to target specific military technologies, which calls for heightened vigilance within the defense sector.

Affected: Ukraine’s defense-industrial complex and Armed Forces

Key points:

  • Attacks have been ongoing since summer 2024, using sophisticated tactics to access sensitive information.
  • Infection often occurs through compressed files containing a PDF and the DarkTortilla loader, which deploys DarkCrystal RAT.
  • Criminals exploit social engineering techniques, posing as trusted contacts to deliver malicious payloads via Signal.
  • CERT-UA encourages reporting suspicious activity and provides indicators of compromise (IOCs) for threat identification.
  • The campaign’s focus has shifted toward UAVs and electronic warfare systems, indicating advanced intelligence-gathering strategies.

Source: https://thecyberexpress.com/cert-ua-warns-of-darkcrystal-rat/