Search Results for: cyber-espionage

UAC-0226 Attack Detection: New Cyber-Espionage Campaign Targeting Ukrainian Innovation Hubs and Government Entities with GIFTEDCROOK Stealer

Throughout March 2025, defenders observed increasing cyber-espionage activity by the UAC-0219 hacking group targeting Ukrainian critical sectors with WRECKSTEEL malware. In April, CERT-UA issued a novel alert notifying the global cyber defender community of a new surge of espionage operations orchestrated by another hacking collective tracked as UAC-0226. Since February 2025, researchers have been closely monitoring […]

Seashell Blizzard Attack Detection: A Long-Running Cyber-Espionage “BadPilot” Campaign by russian-linked Hacking Group

The nefarious russia-linked APT group Seashell Blizzard, also known as APT44, has been waging global cyber campaigns since at least 2009. Defenders recently spotted a new long-lasting access campaign called “BadPilot,” reinforcing the group’s focus on stealthy initial infiltration and leveraging a set of advanced detection evasion techniques. Detect Seashell Blizzard Attacks For more than […]

UAC-0219 Attack Detection: A New Cyber-Espionage Campaign Using a PowerShell Stealer WRECKSTEEL

In late March 2025, CERT-UA observed a surge in cyber-espionage operations targeting Ukraine, orchestrated by the UAC-0200 hacking group using DarkCrystal RAT. Researchers have recently uncovered at least three other cyber-espionage attacks throughout March against state bodies and critical infrastructure organizations in Ukraine, aiming to steal sensitive information from compromised systems using specialized malware. These […]

UAC-0200 Attack Detection: Cyber-Espionage Activity Targeting Defense Industry Sector and the Armed Forces of Ukraine Using DarkCrystal RAT

The UAC-0200 hacking group resurfaces in the cyber threat arena. CERT-UA has recently identified a surge in targeted cyber-attacks both against employees of defense industry enterprises and individual members of the Armed Forces of Ukraine leveraging DarkCrystal RAT (DCRAT). Detect UAC-0200 Attacks Covered in the CERT-UA#14045 Alert Following the latest UAC-0173 attacks leveraging DARKCRYSTAL RAT […]

RedCurl/EarthKapre APT Attack Detection: A Sophisticated Cyber-Espionage Group Uses a Legitimate Adobe Executable to Deploy a Loader

The nefarious cyber-espionage hacking collective tracked as EarthKapre or RedCurl APT has resurfaced to target legal sector organizations using Indeed-themed phishing. In the latest attack, adversaries notorious for highly sophisticated offensive capabilities applied reconnaissance commands and tools, exfiltrated data, and deployed the EarthKapre/RedCurl loader. Detect RedCurl/EarthKapre APT Attacks In 2024, state-sponsored cyber groups from China, […]

UAC-0099 Attack Detection: Cyber-Espionage Activity Against Ukrainian State Agencies Using WinRAR Exploit and LONEPAGE Malware

The UAC-0099 hacking collective, which has been launching targeted cyber-espionage attacks against Ukraine since the second half of 2022, resurfaces in the cyber threat arena. The CERT-UA team has observed a spike in the group’s malicious activity throughout November-December 2024 against Ukrainian government entities using the phishing attack vector and spreading LONEPAGE malware. Detect UAC-0099 […]

New Cyber-Espionage Campaign Detection: Suspected China-Backed Actors Target High-Profile Organizations in Southeast Asia

Defenders observe increasing numbers of cyber-attacks linked to China-backed APT groups, primarily focused on intelligence gathering. In September 2024, a China-affiliated APT group tracked as Earth Baxia set its sights on a state agency in Taiwan and possibly other nations within the APAC region. A recently uncovered cyber-espionage campaign has been targeting high-profile organizations in […]

HATVIBE and CHERRYSPY Malware Detection: Cyber-Espionage Campaign Conducted by TAG-110 aka UAC-0063 Targeting Organizations in Asia and Europe

For nearly three years since the full-scale war in Ukraine began, cyber defenders have reported a growing number of russia-aligned offensive operations targeting Ukrainian organizations to collect intelligence, with attacks increasingly expanding their geographical scope. The russia-backed hacking collective tracked as TAG-110 or UAC-0063 has been observed behind an ongoing cyber-espionage campaign against organizations in […]

Gamaredon Attack Detection: Cyber-Espionage Operations Against Ukraine by the russia-linked APT

The nefarious state-sponsored russia-aligned Gamaredon (aka Hive0051, UAC-0010, or Armageddon APT) has been launching a series of cyber-espionage campaigns against Ukraine since 2014, with cyber attacks intensifying since russia’s full-scale invasion of Ukraine on February 24, 2022. ESET recently published an in-depth technical analysis, providing insights into Gamaredon’s cyber-espionage operations against Ukraine throughout 2022 and […]

Andariel Attack Detection: FBI, CISA, and Partners Warn of an Increasing Global Cyber-Espionage Campaign Linked to the North Korean State-Sponsored Group

The FBI, CISA, and leading cybersecurity authorities have issued a warning over growing North Korean cyber-espionage operations linked to the nation-backed hacking group tracked as Andariel. The group’s cyber-espionage activity involves the collection of critical data and intellectual property, thereby advancing the regime’s military and nuclear objectives and aspirations. Detecting Andariel Attacks Described in CISA […]
