Russian Hackers Attacking Ukraine Military With Malware Via Telegram

Russian hackers identified as UNC5812 are targeting the Ukrainian military through a sophisticated cyber operation. The attackers use a deceptive Telegram channel and website posing as a civil defense service to distribute malware for both Windows and Android devices. The Windows attack deploys Pronsis Loader which installs SUNSPINNER (a decoy mapping application) and PURESTEALER (an information-stealing malware). Android users are targeted with CRAXSRAT a commercial backdoor malware. The operation spreads through promoted posts in legitimate Ukrainian Telegram channels and employs social engineering tactics. The campaign also includes an influence operation sharing anti-mobilization content across pro-Russian social media networks. This cyber-espionage effort aims to exploit recent changes in Ukraines mobilization laws and the introduction of digital military IDs.