Despite previous considerations for a secure military app, most Ukrainian soldiers still rely on popular services like Telegram, Signal, Viber, and WhatsApp. This threat landscape underscores the ongoing vulnerability of military communication systems, particularly in conflict zones like Ukraine, where Russian-backed hackers have been actively targeting messaging apps to intercept sensitive information.

Takeaways:



• Ukrainian soldiers' messaging apps are increasingly targeted by hackers for data-stealing malware.
• The surge is attributed to a group known as UAC-0184, though no specific foreign cyberthreat group is named.
• CERT-UA warns soldiers to be cautious online, as their activities could make them targets for physical attacks.
• Various malware tools, including HijackLoader and Remcos, are used to gain access to systems.
• Hackers also deploy tools like ViottoKeylogger, XWorm, Tusc, and Sigtop to extract data from messaging apps.
• Tactics include disguising malicious files as fake court documents or frontline videos to trick victims.
• Despite previous considerations, most Ukrainian soldiers still use popular messaging apps like Telegram, Signal, Viber, and WhatsApp.

Source and further reading.

Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns. (n.d.). https://therecord.media/ukraine-military-personnel-cyber-espionage-uac-0184

Cyware. (n.d.). UAC-0184 Targets Ukrainian Entity in Finland with Remcos RAT. Cyware Labs. https://cyware.com/news/uac-0184-targets-ukrainian-entity-in-finland-with-remcos-rat-6b6efe4f

CERT-UA. (n.d.). cert.gov.ua. https://cert.gov.ua/article/6278521