Tag: CERT-UA

UAC-0050 Phishing Attack Detection: The russia-Backed Group Massively Spreads Tax-Related Phishing Emails and Exploit LITEMANAGER
UAC-0050 Phishing Attack Detection: The russia-Backed Group Massively Spreads Tax-Related Phishing Emails and Exploit LITEMANAGER

The nefarious hacking group UAC-0050, known for its persistent phishing attacks against Ukraine, has been observed massively distributing tax-related spoofed emails with PDF attachments imitating requests from the State Tax Service of Ukraine and exploiting a LITEMANAGER tool to gain unauthorized remote access to the targeted systems. Detect UAC-0050 Phishing Attacks Covered in the CERT-UA#11776 […]

Read More
UAC-0001 aka APT28 Attack Detection: Leveraging PowerShell Command in Clipboard as Initial Entry Point
UAC-0001 aka APT28 Attack Detection: Leveraging PowerShell Command in Clipboard as Initial Entry Point

The notorious Russian state-sponsored hacking group known as APT28 or UAC-0001, which has a history of launching targeted phishing attacks on Ukrainian public sector organizations, has resurfaced in the cyber threat landscape. In the latest adversary campaign covered by CERT-UA, attackers weaponize a PowerShell command embedded in the clipboard as an entry point to further conduct offensive […]

Read More
UAC-0218 Attack Detection: Adversaries Steal Files Using HOMESTEEL Malware
UAC-0218 Attack Detection: Adversaries Steal Files Using HOMESTEEL Malware

Hot on the heels of the “Rogue RDP” attacks exploiting the phishing attack vector and targeting Ukrainian state bodies and military units, CERT-UA researchers uncovered another wave of phishing attacks leveraging emails with invoice-related subject lures and weaponizing HOMESTEEL malware for file theft. The UAC-0218 group is believed to be behind the ongoing adversary operation. […]

Read More
MEDUZASTEALER Detection: Hackers Distribute Malware Masquerading the Sender as Reserve+ Technical Support via Telegram Messaging Service
MEDUZASTEALER Detection: Hackers Distribute Malware Masquerading the Sender as Reserve+ Technical Support via Telegram Messaging Service

Hard on the heels of a new wave of cyber-attacks by UAC-0050 involving cyber espionage and financial thefts and relying on a diverse number of tools, including MEDUZASTEALER, another suspicious activity comes to the spotlight in the Ukrainian cyber threat arena. CERT-UA recently launched a new alert covering spoofed phishing attacks spreading MEDUZASTEALER via Telegram […]

Read More
UAC-0050 Attack Detection: russia-Backed APT Performs Cyber Espionage, Financial Crimes, and Disinformation Operations Against Ukraine
UAC-0050 Attack Detection: russia-Backed APT Performs Cyber Espionage, Financial Crimes, and Disinformation Operations Against Ukraine

The UAC-0050 hacking collective notorious for its long-standing offensive operations against Ukraine steps back into the cyber threat arena. CERT-UA researchers have long been investigating the group’s activity, which primarily focuses on three key directions, including cyber espionage and financial theft, along with information and psychological operations tracked under the “Fire Cells Group” brand. Financially […]

Read More
UAC-0020 (Vermin) Activity Detection: A New Phishing Attack Abusing the Topic of Prisoners of War at the Kursk Front and Using FIRMACHAGENT Malware
UAC-0020 (Vermin) Activity Detection: A New Phishing Attack Abusing the Topic of Prisoners of War at the Kursk Front and Using FIRMACHAGENT Malware

The Vermin hacking collective, also tracked as UAC-0020, resurfaces, targeting Ukraine using a novel offensive tool dubbed FIRMACHAGENT. In the latest attack, adversaries leverage the phishing attack vector to spread emails with the lure subject related to the prisoners of war at the Kursk front.  UAC-0020 aka Vermin Attack Analysis Using FIRMACHAGENT  On August 19, 2024, […]

Read More
UAC-0198 Attack Detection: Adversaries Massively Distribute Phishing Emails Spreading ANONVNC (MESHAGENT) Malware to Target Ukrainian State Bodies
UAC-0198 Attack Detection: Adversaries Massively Distribute Phishing Emails Spreading ANONVNC (MESHAGENT) Malware to Target Ukrainian State Bodies

The increasing number of phishing attacks requires immediate attention from defenders, underscoring the need for increasing cybersecurity awareness and bolstering the organization’s cyber hygiene. Following the UAC-0102 attack targeting UKR.NET users, another hacking collective tracked as UAC-0198 leverages the phishing attack vector to target the Ukrainian state bodies and massively distribute ANONVNC (MESHAGENT) malware to […]

Read More
UAC-0102 Phishing Attack Detection: Hackers Steal Authentication Data Impersonating the UKR.NET Web Service
UAC-0102 Phishing Attack Detection: Hackers Steal Authentication Data Impersonating the UKR.NET Web Service

Leveraging public email services along with corporate email accounts is a common practice among government employees, military personnel, and the staff of other Ukrainian enterprises and organizations. However, adversaries might abuse these services to launch phishing attacks. Defenders have recently uncovered a new offensive activity aimed at stealing user authentication data by luring victims into […]

Read More
UAC-0057 Attack Detection: A Surge in Adversary Activity Distributing PICASSOLOADER and Cobalt Strike Beacon
UAC-0057 Attack Detection: A Surge in Adversary Activity Distributing PICASSOLOADER and Cobalt Strike Beacon

Defenders have observed a sudden surge in the adversary activity of the UAC-0057 hacking group targeting Ukrainian local government agencies. Attackers distribute malicious files containing macros aimed at launching PICASSOLOADER on the targeted computers, which leads to the delivery of Cobalt Strike Beacon.  Detect UAC-0057 Activity Covered in the CERT-UA#10340 Alert Since the full-scale war […]

Read More
UAC-0063 Attack Detection: Hackers Target Ukrainian Research Institutions Using HATVIBE, CHERRYSPY, and CVE-2024-23692 
UAC-0063 Attack Detection: Hackers Target Ukrainian Research Institutions Using HATVIBE, CHERRYSPY, and CVE-2024-23692 

Since the outbreak of the full-scale war in Ukraine, cyber defenders have identified the growing volumes of cyber-espionage campaigns aimed at collecting intelligence from the Ukrainian state bodies. Further, the same tactics, techniques, and procedures are applied to target broader geography, including North America, Europe, and Asia. Precisely, in May 2023, the UAC-0063 group launched […]

Read More