Google’s Threat Analysis Group (TAG), alongside Mandiant, has released findings on what it suspects is a Russian espionage and influence campaign designed to demotivate Ukrainian soldiers and infect devices with malware.
The group, labeled UNC5812, established itself as an anti-conscription group called ‘Civil Defense’ that offered apps and software to allow would-be conscripts to view real-time locations of Ukrainian military recruiters.
However, the applications would instead deliver malware alongside a decoy mapping application tracked by Google TAG and Mandiant as SUNSPINNER.
Civil Defense influence campaign
“The ultimate aim of the campaign is to have victims navigate to the UNC5812-controlled “Civil Defense” website, which advertises several different software programs for different operating systems. When installed, these programs result in the download of various commodity malware families,” the Google Threat Intelligence blog stated.
The Civil Defense website was established as early as April 2024; however, the Telegram account that drove a high throughput of users to the website was only set up in September 2024.
It is understood the group paid for sponsored posts in popular Telegram groups, one of which was used to deliver missile alerts to its 80,000 subscribers.
When users were directed to the website, they were offered a choice of files for different operating systems, which the victims expected to be some form of mapping software providing real-time updates on the location of Ukrainian military recruiters. Users would instead find their device infected with SUNSPINNER malware and infostealers.
The website also offered…
Read full post on Tech Radar