Russian Cyber Espionage Targets Ukrainian Conscripts with Malware
Google and Mandiant uncover Russian-backed operation using fake apps to spread malware on Windows and Android devices.
- The UNC5812 campaign, backed by Russian threat group APT29, targets Ukrainian military recruits with malware disguised as helpful software.
- Malware is distributed through a Telegram channel and a website, both posing as 'Civil Defense' and offering free mapping tools.
- The malicious apps, known as 'Sunspinner,' install info-stealers like CraxsRAT on Android and PureStealer on Windows devices.
- Google has updated its protections to block these threats, including adding domains to its Safe Browsing feature.
- To disrupt the operation, Amazon Web Services has seized domains used by the attackers, a move that emphasizes international collaboration in cybersecurity.