The Dark Crystal RAT Is Attacking The Ukrainian Defence Sector
Since Last Summer, The UAC-0200 Threat Group Has Been Using The Signal Chat App To Trick People Into Downloading A Remote Access Trojan That Steals Information.

The Computer Emergency Response Team of Ukraine (CERT-UA) is alerting the public to a new cyber-espionage campaign that uses malware called Dark Crystal RAT (DCRat) to target defense sector organizations. DCRat is a remote access Trojan (RAT) created by a Russian developer. Written in C#, the malware is popular among entry-level hackers but has many features associated with more advanced threat actors, such as custom plug-ins and a modular architecture.
The new campaign, identified earlier this month, has targeted personnel of defense-industrial complex firms as well as individuals in the Defense Forces of Ukraine, officials said. CERT-UA links the activity to a threat group it identifies as UAC-0200. The attacks use Signal, an encrypted chat service, to spread malicious messages. The messages carry archive files presented as meeting minutes; each archive also contains an executable (a crypter called "Dark Tortilla") that decrypts and runs the remote access Trojan in a subsequent step.
DCRat executes unauthorized commands, steals data, and gains remote control over the compromised devices. According to Ukrainian law enforcement, Signal has been urged to take action in response to this and other Russian cyber threats, but it has not done so. At the Kyiv International Cyber Resilience Forum last week, Serhii Demediuk, the deputy secretary of Ukraine's National Security and Defense Council, stated, "By this inaction, Signal is helping Russians gather information, target our soldiers, and compromise government officials."
On Mastodon, Meredith Whittaker, the CEO of the messaging service, disputes this, saying that it "does not officially work with any government, Ukraine or otherwise."