Davey Winder is a technology journalist who covers cybersecurity news and research. He’s covered everything from the true story behind the hacking of Donald Trump’s nude photos to a record-breaking ransomware payment of $75 million.
The security researchers at Google’s renowned Threat Analysis Group, alongside threat intelligence specialists from Mandiant, have confirmed a suspected Russian espionage and influence dual-pronged attack has been underway against both Android and Windows users.
Here’s what we know so far.
The UNC5812 cyber attack was discovered by Google TAG and Mandiant in September 2024, and appears to be a hybrid espionage and influence operation carried out by Russian threat actors. The threat intelligence analysts said that the campaign uses a Telegram persona identified as “Civil Defense” to distribute malware to both Android and Windows users under the guise of a free software provider. The free software is targeted directly at people looking to find potential military recruiters of conscripts in Ukraine. Distribution is via both the malicious Civil Defense Telegram channel and a similarly named website. It is thought that the activation of the Telegram channel in September signaled when the operation went live, with the website domain having been registered earlier, in April.
The malware itself is operating-system specific and is delivered alongside what appears to be a decoy application posing as a mapping tool for the aforementioned recruiting locations. “UNC5812 is also actively engaged in influence activity,” a Google TAG spokesperson said, “delivering narratives and soliciting content intended to undermine support for Ukraine's mobilization efforts.” It is thought that the UNC5812 threat actors are purchasing promoted posts in legitimate and already established Ukrainian-language Telegram channels in order to further spread the influence operation. It would also appear, according to the threat intelligence, that the operation is still ongoing, as a Ukrainian-language news channel promoting the posts was seen as recently as October 8th. “The campaign is probably still actively seeking new Ukrainian-language communities for targeted engagement,” Google TAG researchers said.
The aim of the Telegram-driven campaign itself is to persuade victims to navigate to the website, where an assortment of malware for both the Android and Windows operating systems can be downloaded.
Android users, meanwhile, are targeted with a commercially available backdoor application known as CraxsRAT. Google TAG analysts said that the website itself includes support for both iOS and
So, how do you prevent getting caught up in this latest threat campaign, assuming you have been targeted and got as far as the malware distribution phase? Make sure you are using Google Play Protect, Google’s TAG researchers said. The UNC5812 actors have gone to some length to persuade Android users that they should install the app outside of the App Store and its protections, including justifications for an extensive list of user permissions required, mostly to supposedly protect the security and anonymity of the user, ironically. “UNC5812's Civil Defense website specifically included social engineering content and detailed video instructions on how the targeted user should turn off Google Play Protect,” Google TAG said. “Safe Browsing also protects Chrome users on Android by showing them warnings before they visit dangerous sites.” Google’s app scanning infrastructure protects Google Play and powers Verify Apps, which additionally protects users who might get caught up in a cyber attack such as this one through apps installed from outside of Google Play itself.
