FRwL destroys data with Somnia to disrupt operations in Ukraine
Attack Report
Summary
The FRwL (From Russia with Love) group, tracked as UAC-0118, uses a fake website to trick employees of Ukrainian organizations into downloading the Advanced IP Scanner software. Upon installation, the system is infected with the Vidar stealer, which intercepts Telegram session data and takes control of the victim’s account.