URL: https://cyberscoop.com/suspected-russian-hacking-influence-operations-take-aim-at-ukrainian-military-recruiting/
Submission: On October 29 via api from TR — Scanned from CA

SUSPECTED RUSSIAN HACKING, INFLUENCE OPERATIONS TAKE AIM AT UKRAINIAN MILITARY
RECRUITING

Google’s Threat Analysis Group and Mandiant said one group is behind the hybrid
campaign that takes aim at both recruits and broader recruiting efforts.

By Tim Starks

October 28, 2024

Tankers from the 33rd separate mechanized brigade of the Ukrainian Ground Forces
fire with a Leopard 2A4 tank during a field training at an undisclosed location
in Ukraine on Oct. 27. (Photo by Genya SAVILOV / AFP)

A suspected Russian group is targeting potential Ukrainian military recruits in
an espionage campaign that’s running concurrently with an influence operation
designed to undermine Ukraine’s broader military mobilization, according to
research published Monday.

The hybrid campaign apparently looks to capitalize on fears about a Ukrainian
mobilization law that went into effect this year that lowered the minimum
conscription age to 25 and that required all draft-age men to update their
personal information with the government, Google’s Threat Analysis Group and
Google-owned Mandiant said.

The group, labeled UNC5812, seeks to gain access to the devices of potential
Ukrainian recruits, using Windows and Android malware delivered by a Telegram
persona named “Civil Defense.” It purports to provide software programs that let
potential conscripts look at and share crowdsourced locations of recruiters, the
researchers said.

The simultaneous influence operation uses its Telegram channel for activities
such as soliciting videos from visitors of “unfair actions from territorial
recruitment centers.” One such video, allegedly depicting military registration
employees beating a man, was later shared by the X account of the Russian
Embassy in South Africa.

The researchers first discovered the group’s activity in September, and have
shared its information with Ukrainian authorities.

“UNC5812’s hybrid espionage and information operation against potential
Ukrainian military recruits is part of a wider spike in operational interest
from Russian threat actors following changes made to Ukraine’s national
mobilization laws in 2024,” the research states. “In particular, we have seen
the targeting of potential military recruits has risen in prominence following
the launch of Ukraine’s national digital military ID used to manage the details
of those liable for military service and boost recruitment.”

In addition to inducing users to download its malware, the Civil Defense
website instructs victims on how to disable Google Play Protect, which scans
apps and devices for malware — “an unconventional form of social engineering
designed to preempt user suspicions,” the researchers noted.

The group also has likely been purchasing promoted posts in authentic
Ukrainian-language Telegram channels.

Besides the overlap in Russian government interest in Ukrainian military
recruitment and the re-sharing of material on the embassy website, the campaign
fits with Russian threat groups’ methods.

“From a tradecraft perspective, UNC5812’s campaign is highly characteristic of
the emphasis Russia places on achieving cognitive effect via its cyber
capabilities, and highlights the prominent role that messaging apps continue to
play in malware delivery and other cyber dimensions of Russia’s war in Ukraine,”
the research reads. “We judge that as long as Telegram continues to be a
critical source of information during the war, it is almost certain to remain a
primary vector for cyber-enabled activity for a range of Russian-linked
espionage and influence activity.”

The campaign fits a long pattern of cyber and disinformation operations that
predates Russia’s invasion of Ukraine in early 2022.

WRITTEN BY TIM STARKS

Tim Starks is senior reporter at CyberScoop. His previous stops include working
at The Washington Post, POLITICO and Congressional Quarterly. An Evansville,
Ind. native, he's covered cybersecurity since 2003. Email Tim here:
tim.starks@cyberscoop.com.

IN THIS STORY

 * Google
 * influence operations
 * Mandiant
 * Russia
 * Ukraine
