1. Forum
  2. tqw
  3. TQW GENTECH

  • Russian espionage mission to subvert Ukrainian conscription uncov

    From TechnologyDaily@1337:1/100 to All on Monday, October 28, 2024 15:15:05
    Russian espionage mission to subvert Ukrainian conscription uncovered by Google TAG

    Date:
    Mon, 28 Oct 2024 15:12:46 +0000

    Description:
    Ukrainian's looking to download an app for monitoring military recruiters and instead downloading malware and infostealers.

    FULL STORY ======================================================================

    Googles Threat Analysis Group (TAG), alongside Mandiant, has released
    findings on what it suspects is a Russian espionage and influence campaign designed to demotivate Ukrainian soldiers and infect devices with malware .

    The group has been labeled UNC5812, and established themselves as an anti-conscription group called Civil Defense that offered apps and software
    to allow would-be conscripts to view real-time locations of Ukrainian
    military recruiters.

    However, the applications would instead deliver malware alongside a decoy mapping application tracked by Google TAG and Mandiant as SUNSPINNER. Civil Defense influence campaign

    The ultimate aim of the campaign is to have victims navigate to the UNC5812-controlled Civil Defense website, which advertises several different software programs for different operating systems. When installed, these programs result in the download of various commodity malware families, the Google Threat Intelligence blog stated.

    The Civil Defense website was established as early as April 2024, however the Telegram account which granted a high through-put of users to the website was only set up in September 2024.

    It is understood the group paid for sponsored posts in popular Telegram groups, one of which was used to deliver missile alerts to its 80,000 subscribers.

    When users were directed to the website, they were faced with a choice of files aimed at different operating systems that the victims expected to be some form of mapping software for real time updates on the location of Ukrainian military recruiters. Users would instead find their device infected with SUNSPINNER malware and infostealers.

    The website also offered justification for the applications not being available through the App Store, stating that by downloading the application through the website, Civil Defense would protect the anonymity and security
    of its users from the App Store. The website also contained video
    instructions on how to install the applications, and how to disable Google Play Protect.

    The Civil Defense telegram page also requested user video submissions of unfair actions from territorial recruitment centers, which Civil Defense
    would post to enhance its anti-conscription messaging and potentially drive more people to download the military recruitment monitoring app.

    The SUNSPINNER app consists of a decoy GUI that shows a mapping tool with crowdsourced marker locations for Ukrainian recruiters. While the marker locations look to be legitimate, Google TAG and Mandiant found that the markers were all added by a single person on the same day.

    The malware and influence campaign is said to still be underway, with a sponsored post for the group appearing in a Ukrainian news channel as
    recently as October 8. More from TechRadar Pro Take a look at the best
    Android antivirus Amazon seizes domains used by Russian hackers to target Windows systems These are the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/russian-espionage-mission-to-subvert-ukrainian-c onscription-uncovered-by-google-tag


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)