Ukrainian security authorities have confirmed that the country’s Delta military intelligence system was targeted by cyberattacks. The Delta system is used for key situational awareness and collecting information about enemy forces as well as coordinating of defense forces. The system is built to be compatible with NATO equipment. Over the weekend, CERT-UA became aware of a phishing attack targeting the system first identified by the Center for Innovations and Development of Defense Technologies.
The attackers leveraged a compromised Ministry of Defense email account to launch phishing messages attempting to lure recipients into installing a fake update to the Delta system. The email contains a malicious PDF attachment that claims to have instructions on how to initiate the update as well as a malicious ZIP archive link. If the file is clicked, an executable is downloaded onto the computer.