Summary: Ukraine’s Computer Emergency Response Team (CERT-UA) has issued a warning about targeted attacks utilizing compromised Signal accounts to deliver malware to defense industry employees and military personnel. The attacks involve messages with archives masquerading as meeting reports, leading victims to inadvertently execute harmful files. This activity, tracked as UAC-0200, has seen recent updates in phishing tactics to align with urgent military topics in Ukraine.
Affected: Defense industry firms and military personnel in Ukraine
Keypoints :
- Compromised Signal accounts are being used to send malware to targeted individuals.
- The malware is disguised in files that appear to be meeting-related documents.
- Recent attacks have shifted focus to military-related topics relevant to Ukraine.
- Users are advised to turn off automatic downloads, be cautious of file attachments, and regularly check linked devices.
- Updating apps and enabling two-factor authentication are recommended for better security.