FRwL destroys data with Somnia to disrupt operations in Ukraine

Threat Level
Attack Report

Summary

The FRwL (From Russia with Love) group, tracked as UAC-0118, uses a fake website to trick employees of Ukrainian organizations into downloading the Advanced IP Scanner software. Upon installation, the system is infected with the Vidar stealer, which intercepts Telegram session data and takes control of the victim’s account.