CERT-UA warns of a cyber campaign using Dark Crystal RAT to target Ukraine’s defense sector, including defense industry employees and Defense Forces members.
In March 2025, threat actors distributed archived messages through Signal containing a fake PDF report and DarkTortilla malware.
The purpose was to deploy Dark Crystal RAT (DCRat), a remote control tool with modular functionality for surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.
The attack highlights how the use of popular instant messaging apps broadens the attack surface: delivery over these apps bypasses security measures, and the attackers compromise contacts to increase trust.