Info-stealing malware targeting Ukraine’s military system

Users of Ukraine's DELTA military intelligence system were targeted by phishing attacks spreading the FateGrab and StealDeal information-stealing malware, according to The Hacker News. The UAC-0142 threat cluster sent phishing emails carrying fake root certificate update warnings, with PDF attachments that linked to archive files on a fake DELTA domain; those archives then deploy the malware, said the Computer Emergency Response Team of Ukraine. FateGrab exfiltrates files with certain extensions, while StealDeal targets passwords and other data stored in web browsers. The attack against DELTA comes amid the failed attack by Russia-linked hacking group Gamaredon against a petroleum refinery based in a NATO member state. Moreover, Ukraine-based organizations have also been impacted by Vidar stealer and RomCom RAT attacks. Phishing emails spoofing Ukraine's State Emergency Service have also targeted Ukrainian state-owned entities with the DolphinCape backdoor, which is based on the Delphi programming language.
