UNC5812: Russian Group “Civil Defense” Malware Campaign

UNC5812 is a suspected Russian hybrid espionage and influence campaign that used the Telegram persona “Civil Defense” to distribute malware for Windows and Android

UNC5812 is actively involved in influence activity, disseminating narratives, and requesting content aimed at undermining support for Ukraine’s mobilization efforts

It is estimated that UNC5812 is probably buying promoted posts in reputable, well-established Ukrainian-language Telegram channels to direct potential victims

A reputable missile alerts Telegram channel with over 80,000 followers was seen advertising the “Civil Defense” website and channel to its members

Another Ukrainian-language news outlet promoted Civil Defense’s articles, suggesting the campaign is likely still actively looking for new Ukrainian-language groups

Channels that have pushed “Civil Defense” posts advertise the option to contact their administrations about sponsorship

The “Civil Defense” website is under UNC5812’s control and promotes a number of software applications for various operating systems