"CERT-UA disclosed that a threat actor tracked as UAC-0125 is using Cloudflare Workers to deceive military personnel into downloading malware disguised as Army+, a legitimate application introduced by the Ministry of Defence."
"The malware installation process involves a decoy file and a PowerShell script that installs OpenSSH, generates RSA keys, and sends the private key to an attacker-controlled server via Tor."
"UAC-0125 is linked to APT44, a persistent threat group associated with the GRU, indicating that military personnel are being specifically targeted amid rising cyber threats."
"Fortra reported a significant rise in the abuse of legitimate services, noting a 198% increase in phishing attacks on Cloudflare Pages, highlighting the growing sophistication of cyber threats."