One Article Review

The article:
Source Mandiant
Identifier 8602806
Publication date 2024-10-28 14:00:00 (seen: 2024-10-28 13:06:36)
Title Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives
Text In September 2024, Google Threat Intelligence Group (consisting of Google's Threat Analysis Group (TAG) and Mandiant) discovered UNC5812, a suspected Russian hybrid espionage and influence operation, delivering Windows and Android malware using a Telegram persona named "Civil Defense". "Civil Defense" claims to be a provider of free software programs designed to enable potential conscripts to view and share crowdsourced locations of Ukrainian military recruiters. If installed with Google Play Protect disabled, these programs deliver an operating system-specific commodity malware variant to the victim alongside a decoy mapping application we track as SUNSPINNER. In addition to using its Telegram channel and website for malware delivery, UNC5812 is also actively engaged in influence activity, delivering narratives and soliciting content intended to undermine support for Ukraine's mobilization efforts.

Figure 1: UNC5812's "Civil Defense" persona

Targeting Users on Telegram

UNC5812's malware delivery operations are conducted both via an actor-controlled Telegram channel @civildefense_com_ua and website hosted at civildefense[.]com.ua. The associated website was registered in April 2024, but the Telegram channel was not created until early September 2024, which we judge to be when UNC5812's campaign became fully operational.

To drive potential victims towards these actor-controlled resources, we assess that UNC5812 is likely purchasing promoted posts in legitimate, established Ukrainian-language Telegram channels.

On September 18th, 2024, a legitimate channel with over 80,000 subscribers dedicated to missile alerts was observed promoting the "Civil Defense" Telegram channel and website to its subscribers.
An additional Ukrainian-language news channel was promoting Civil Defense's posts as recently as October 8th, indicating the campaign is probably still actively seeking new Ukrainian-language communities for targeted engagement. Channels where "Civil Defense" posts have been promoted advertise the ability to reach out to their administrations for sponsorship opportunities. We suspect this is the likely vector that UNC5812 is using to approach the respective legitimate channels to increase the operation's reach.
Rating ★★
Sent Yes
Tags Malware Threat Mobile


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.