Phishing Scam Targets Ukrainian Defense Companies

A series of phishing emails have been identified targeted Ukrainian defense companies and security and defense forces with a fake NATO standards conference.

The Computer Emergency Response Team of Ukraine (CERT-UA) detailed that these emailed advertised a conference held on December 5 in Kyiv, aimed at aligning the products of domestic defense industry companies with NATO standards.

The emails contained a URL named “attachment contains important information for your participation”. Clicking the link and opening the attached files allowed hackers to infect the victim’s computer with malware.

CERT-UA identified the culprit of the phishing attack as UAC-0185, a group which has been active since at least 2022.

The focus of the group is to steal credentials from messaging services including Signal, Telegram and WhatsApp as well as military systems DELTA, Teneta, and Kropyva.

The Ukrainians identified that in this most recent attack, the group would eventually run remote management program MESHAGENT on the victim’s device.

This attack aimed at obtaining unauthorized remote access to employees’ computers from enterprises of the military-industrial complex. CERT-UA said this was a more limited tactic compared to the theft of credentials.

Earlier in 2024, CERT-UA warned of a phishing campaign which led to the compromise of more than 100 Ukrainian government computers.

In this instance, attackers impersonated the Security Service of Ukraine in the emails to tempt targets into clicking on a malicious link.