Ukrainian military system DELTA targeted by malware
According to a report dated 19 December 2022, a phishing campaign using Ukrainian Ministry of Defence emails to spread an infostealer is underway. The threat actors used emails with false warnings that users needed to update the certificates of the Ukrainian "Delta"* system to continue using it safely. The malicious email contains a PDF document purporting to contain certificate installation instructions, which includes links to download a ZIP archive named "certificates_rootCA.zip". Once downloaded it contains malware, identified by CERT-UA as "StealDeal". StealDeal is an information-stealing malware that can, among other things, steal Internet browsing data and passwords stored on the web browser.
It is possible that this phishing campaign is the work of Russian hacker groups working for the government with the aim of spying on Ukrainian forces through its infostealer. It is likely that the targets are mainly Ukrainian officers coordinating with Delta.
*DELTA = a weapons system where all tactical information of Ukrainian forces is updated live.
Read more about it : here