Ukrainian military and defense contractors, as well as representatives of its Defense Forces were disclosed by the country's Computer Emergency Response Team to have been targeted with the Dark Crystal RAT malware, also known as DCRat, as part of a new attack campaign identified this month, The Hacker News reports.
Attackers, tracked under the UAC-0200 threat cluster, leveraged the Signal messaging app to deliver messages purportedly containing minutes of the meeting reports as archive files, which when opened facilitated the execution of the DarkTortilla crypter that deploys DCRat, according to the CERT-UA. Such a report from the CERT-UA comes after Signal was alleged by Ukrainian National Security and Defense Council Deputy Secretary Serhii Demediuk to have withdrawn support for the country's efforts against Russian cyber threats, an assertion which has since been repudiated by the encrypted messaging platform. "We don't officially work with any gov, Ukraine or otherwise, and we never stopped. We're not sure where this came from or why," said Signal CEO Meredith Whittaker.
