4 September 2024

Threat actors target Ukrainian military via fake Griselda app and Google Drive links


Threat actors target Ukrainian military via fake Griselda app and Google Drive links

The Ukrainian Government Computer Emergency Response Team (CERT-UA), in collaboration with the Ministry of Defense's Joint Response Team (MILCERT), has identified and analyzed two cyberattacks aimed at Ukrainian military personnel. The attacks involved the dissemination of messages via Signal, containing links to download APK files that were disguised as military systems Griselda and the surveillance system called “Eyes.”

In the first case, threat actors created a fake version of the official Griselda project website. Griselda is an automated system for data entry, processing, and transmission using artificial intelligence.

The site prompted users to download a “mobile version” of the Griselda application—a software that does not actually exist. Instead, the APK file contained the HYDRA malware, capable of stealing session data (HTTP Cookies), contacts, performing keylogging, and more.

In the second case, the attackers exploited a Google Drive link to distribute an APK file, which appeared to be a legitimate version of the Eyes surveillance system. However, this APK was modified to include malicious code designed to steal users' login credentials and passwords, as well as to track and transmit the GPS coordinates of the device. It is believed that the attackers added a third-party JAVA class to the legitimate software and implemented its invocation within the relevant blocks of code.

CERT-UA tracks this activity as UAC-0210.

Back to the list

Latest Posts

Hackers hijack high-level accounts and sensitive data of JAXA’s execs

Hackers hijack high-level accounts and sensitive data of JAXA’s execs

The attackers commandeered roughly 200 accounts, including those of senior officials and members of JAXA’s leadership team.
7 October 2024
Over 100 orgs breached in BabyLockerKZ ransomware attacks

Over 100 orgs breached in BabyLockerKZ ransomware attacks

BabyLockerKZ is an updated variant of the MedusaLocker ransomware.
7 October 2024
Chinese hackers reportedly compromise US court wiretap systems

Chinese hackers reportedly compromise US court wiretap systems

The attack targeted major US telecom companies including Verizon, AT&T, and Lumen Technologies.
7 October 2024