13 June 2024

Ukraine neutralizes bot farms involved in hacking Ukrainian soldiers’ phones



The Security Service of Ukraine (SBU) has dismantled two bot farms used by Russian intelligence agencies to hack the phones of Ukrainian military personnel and spread Kremlin propaganda.

In the Zhytomyr region, the SBU detained an individual who was mass-registering virtual mobile numbers of Ukrainian operators and anonymous Telegram accounts at the behest of Russia.

The suspect sold or rented out the activated accounts through specialized Russian online platforms. The mobile numbers were then used by Russian special services to hack the phones of Ukrainian soldiers.

The adversary sent phishing messages to the devices of Defense Forces soldiers from anonymous numbers and internet addresses registered in Ukraine. When the files in these messages were opened, they infected the victims’ devices with spyware, which was used to collect sensitive information.

Additionally, the bot farm's anonymous accounts were utilized to disseminate Kremlin narratives, posing as ordinary Ukrainian citizens.

Investigations revealed that the suspect had set up specialized software in her own apartment. She registered over 600 mobile numbers, and the proceeds from their sale were sent to her personal cryptocurrency wallet.

The suspect has been charged under Part 5 of Article 361 of the Criminal Code of Ukraine (Unauthorized interference with the operation of information and communication systems, electronic communication networks).

In Dnipro, a 30-year-old local resident was detained for registering nearly 15,000 fake accounts on various social networks and messengers, using SIM cards of Ukrainian mobile operators. These accounts were sold on darknet forums, where his primary buyers were representatives of Russian special services.

The suspect is accused of committing a crime under Part 1 of Article 110 of the Criminal Code of Ukraine (Encroachment on the territorial integrity and inviolability of Ukraine).

