A recent warning from the Computer Emergency Response Team of Ukraine (CERT-UA) highlights a new campaign targeting the defense sector with Dark Crystal RAT (DCRat). The campaign, discovered earlier this month, specifically targets employees of enterprises within the defense-industrial complex and individual representatives of the Defense Forces of Ukraine. The malicious activity involves distributing harmful messages via the Signal messaging app, with some messages sent from compromised Signal accounts to increase the chances that recipients trust them.
The reports shared in these messages come in the form of archive files containing a decoy PDF and an executable file. The executable is a .NET-based crypter called DarkTortilla, which decrypts and launches the DCRat malware. DCRat is a well-known remote access trojan that allows cybercriminals to execute arbitrary commands, steal valuable information, and gain remote control over infected devices. CERT-UA has linked this activity to a threat cluster known as UAC-0200, which has been active since at least the summer of 2024.
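The delivery chain described above (an archive bundling a decoy PDF with an executable) is a pattern a mail or chat-attachment gateway can flag before the crypter ever runs. The following is an added defensive example, not CERT-UA's tooling or any sample from the campaign: it assumes the lure arrives as a ZIP archive (the advisory only says "archive files"), identifies members by their leading bytes rather than by extension, and flags the decoy-document-plus-executable combination. The sample archives are constructed in the code and contain only header stubs, not real files.

```python
"""Flag archives that pair a document-like decoy with an executable payload.

Added illustrative detection check (not CERT-UA's or any vendor's code).
Assumes ZIP archives; uses magic bytes, not extensions, to classify members.
"""
import io
import zipfile
from dataclasses import dataclass, field

# Leading bytes of the two artifact kinds the advisory describes.
PDF_MAGIC = b"%PDF-"
PE_MAGIC = b"MZ"  # DOS/PE executable header

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".dll"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt"}


@dataclass
class ArchiveVerdict:
    suspicious: bool
    reasons: list = field(default_factory=list)
    executables: list = field(default_factory=list)
    documents: list = field(default_factory=list)


def _ext(name: str) -> str:
    """Lower-cased extension of the last path component, or '' if none."""
    base = name.rsplit("/", 1)[-1].lower()
    return base[base.rfind("."):] if "." in base else ""


def inspect_archive(data: bytes) -> ArchiveVerdict:
    """Classify each member of a ZIP archive and return a verdict.

    The decoy-plus-payload pattern is flagged when at least one member starts
    with a PE header (whatever its extension) and at least one member looks
    like a document. A lone executable is also flagged, with a weaker reason.
    """
    verdict = ArchiveVerdict(suspicious=False)
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        verdict.reasons.append("not a valid ZIP archive")
        return verdict

    for info in zf.infolist():
        if info.is_dir():
            continue
        head = zf.open(info).read(8)  # only the leading bytes are needed
        ext = _ext(info.filename)
        if head.startswith(PE_MAGIC):
            verdict.executables.append(info.filename)
            if ext not in EXECUTABLE_EXTS:
                verdict.reasons.append(
                    f"{info.filename}: PE header but non-executable extension")
        elif head.startswith(PDF_MAGIC) or ext in DOCUMENT_EXTS:
            verdict.documents.append(info.filename)
        elif ext in EXECUTABLE_EXTS:
            # Extension claims executable but no PE header: still note it.
            verdict.executables.append(info.filename)
            verdict.reasons.append(
                f"{info.filename}: executable extension without PE header")

    if verdict.executables and verdict.documents:
        verdict.suspicious = True
        verdict.reasons.append("decoy document bundled with executable payload")
    elif verdict.executables:
        verdict.suspicious = True
        verdict.reasons.append("archive delivers an executable")
    return verdict


def build_sample_lure() -> bytes:
    """Constructed archive mimicking the described lure (header stubs only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4\n%decoy\n")
        zf.writestr("report.pdf.exe", b"MZ" + b"\x00" * 62)  # fake PE stub
    return buf.getvalue()


def build_benign_archive() -> bytes:
    """Constructed archive with documents only, for comparison."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", b"meeting notes\n")
        zf.writestr("summary.pdf", b"%PDF-1.7\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("lure", build_sample_lure()),
                        ("benign", build_benign_archive())):
        v = inspect_archive(blob)
        print(label, "suspicious" if v.suspicious else "clean", v.reasons)
```

Sniffing the PE header matters because a crypter like the one described is often shipped under a double extension or a document-looking name; extension allowlists alone miss that. The check is deliberately coarse (it does not unpack nested archives or password-protected ones, which is where a gateway would need to quarantine rather than decide).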
The advisory notes that the use of popular messaging apps on both mobile devices and computers significantly expands the attack surface, creating uncontrolled information exchange channels that threat actors can exploit. This development coincides with claims that Signal has stopped responding to requests from Ukrainian law enforcement regarding Russian cyber threats, prompting concerns about the app's role in aiding malicious actors. Signal CEO Meredith Whittaker has denied these claims, asserting that Signal does not officially work with any government and has not ceased cooperation.
In addition, reports from Microsoft and Google indicate that Russian cyber actors are increasingly seeking unauthorized access to WhatsApp and Signal accounts. This trend is fueled by Ukrainians turning to Signal as an alternative to Telegram, which raises the value of those accounts to attackers. The cybersecurity landscape continues to evolve, with threat actors adapting their tactics to exploit weaknesses in popular communication platforms. Organizations and individuals should stay vigilant and implement robust security measures to defend against such threats.