Russian Hackers Steal Ukrainian Army Recruits' Data

Ukrainian cybersecurity experts are raising alarms following reports of a data breach involving the Reserve+ application, designed for electronic updates of military registration data.

Users received a concerning message from the official bot of the Reserve+ application, instructing them to download a program named REZERVPLUS.zip for "correct changes to the register."

Upon further investigation, it was discovered that this software was malicious, designed to steal information from smartphones while deleting itself to evade detection. Russian hackers are suspected of compromising the Reserve+ application and accessing sensitive data related to military personnel and recruits of the Armed Forces of Ukraine.

On October 16, the State Service for Special Communications and Information Protection of Ukraine confirmed that links to the Reserve+ app bot had been manipulated. These links, which were previously shared on official government pages, now lead to a malicious account distributing malware.

"The government response team CERT-UA received information about the distribution of messages through the @reserveplusbot account regarding the need to install 'special software' with an attached archive 'RESERVPLUS.zip,'" the agency stated.

Analysis revealed that the archive contained MEDUZASTEALER malware, which is known for stealing files. The @reserveplusbot account was created to mimic technical support for the Reserve+ app, targeting conscripts, military personnel, and reservists. Notably, this account was listed as one of the Reserve+ technical support contacts as recently as May 2024.

The details surrounding this incident are under investigation. The State Special Communications Service of Ukraine has indicated that measures are being implemented to mitigate the threat.

Experts also highlight that hackers have gained access to a significant amount of data on military personnel and recruits who unwittingly installed the malware.