A new phishing campaign is targeting Ukrainian military personnel by distributing malware-laced manuals for drones and other aircraft. Securonix researchers revealed that the hackers are using Microsoft Compiled HTML Help (CHM) files to distribute the open-source Merlin malware and seize control of infected systems.
Ukraine’s Computer Emergency Response Team (CERT-UA) has attributed similar attacks to a threat actor known as UAC-0154. As Russia’s invasion continues, state-sponsored groups like APT28 continue to conduct offensive cyber operations against Ukraine’s critical infrastructure and military.
The resilience demonstrated by Ukraine’s cyber defenders is admirable, but constant vigilance is crucial. As this phishing campaign shows, Russian hackers are determined to undermine Ukraine’s defenses through social engineering and ingenious technical approaches.