Attackers in the Signal messenger send messages to Ukrainian Armed Forces military personnel on the topic of recruiting for the Third Separate Assault Brigade of the Ukrainian Armed Forces and the Israel Defense Forces (IDF), containing malicious software.

The hackers’ messages contain archived files, the launch of which will lead to infection of the computer with REMCOSRAT and REVERSESSH malware. At the same time, the attackers try to make the names and contents of the archives interesting for the military: “interrogation of a prisoner”, “geolocation”, “encoding commands”, “claims”, etc. Specialists from the American-Japanese company Trendmicro showed suspicious activity back at the end of December 2023.

Afterwards, the Ukrainian government computer emergency response team CERT-UA, operating under the State Special Communications Agency, took action on a series of cyber attacks. The team also noted that if suspicious activity is detected on computers and in information and communication systems of the Armed Forces of Ukraine, the ITS Cyber Security Center (military unit A0334; email: csoc@post.mil.gov.ua ) should be immediately informed.