Ukraine's DELTA military system users targeted by info-stealing malware
A compromised Ukrainian Ministry of Defense email account was found sending phishing emails and instant messages to users of the 'DELTA' situational awareness program to infect systems with information-stealing malware.
The campaign was highlighted in a report today by CERT-UA, which warned Ukrainian military personnel of the malware attack.
DELTA is an intelligence collection and management system created by Ukraine with the help of its allies to help the military track the movements of enemy forces.
As part of this campaign, threat actors used email or instant messages with fake warnings that users need to update the 'Delta' certificates to continue using the system securely.
The malicious email contains a PDF document that purports to give certificate installation instructions and includes links to download a ZIP archive named "Certificates rootCA.zip".
The archive contains a digitally signed executable named "Certificates rootCA.exe". Upon launch, it creates several DLL files on the victim's system and launches "Ais.exe", which simulates the certificate installation process.