UNC5812: Russian Group “Civil Defense” Malware Campaign
UNC5812 is a suspected Russian hybrid espionage and influence campaign that used a Telegram persona named “Civil Defense” to distribute malware for Windows and Android
UNC5812 is actively involved in influence activity, disseminating narratives and requesting content aimed at undermining support for Ukraine’s mobilization efforts
It is estimated that UNC5812 is probably buying promoted posts in reputable, well-established Ukrainian-language Telegram channels to direct potential victims
A reputable missile alerts Telegram channel with over 80,000 followers was seen advertising the “Civil Defense” website and channel to its members
Another Ukrainian-language news outlet promoted “Civil Defense” articles, suggesting the campaign is likely still actively looking for new Ukrainian-language groups
Channels that have pushed “Civil Defense” posts advertise that their administrators can be contacted about sponsorship opportunities
The “Civil Defense” website is under UNC5812’s control and promotes a number of software applications for various operating systems