The UAC-0050 hacking collective notorious for its long-standing offensive operations against Ukraine steps back into the cyber threat arena. CERT-UA researchers have long been investigating the group’s activity, which primarily focuses on three key directions, including cyber espionage and financial theft, along with information and psychological operations tracked under the “Fire Cells Group” brand. Financially […]
The Vermin hacking collective, also tracked as UAC-0020, resurfaces, targeting Ukraine using a novel offensive tool dubbed FIRMACHAGENT. In the latest attack, adversaries leverage the phishing attack vector to spread emails with the lure subject related to the prisoners of war at the Kursk front. UAC-0020 aka Vermin Attack Analysis Using FIRMACHAGENT On August 19, 2024, […]
The increasing number of phishing attacks requires immediate attention from defenders, underscoring the need for increasing cybersecurity awareness and bolstering the organization’s cyber hygiene. Following the UAC-0102 attack targeting UKR.NET users, another hacking collective tracked as UAC-0198 leverages the phishing attack vector to target the Ukrainian state bodies and massively distribute ANONVNC (MESHAGENT) malware to […]
Leveraging public email services along with corporate email accounts is a common practice among government employees, military personnel, and the staff of other Ukrainian enterprises and organizations. However, adversaries might abuse these services to launch phishing attacks. Defenders have recently uncovered a new offensive activity aimed at stealing user authentication data by luring victims into […]
Defenders have observed a sudden surge in the adversary activity of the UAC-0057 hacking group targeting Ukrainian local government agencies. Attackers distribute malicious files containing macros aimed at launching PICASSOLOADER on the targeted computers, which leads to the delivery of Cobalt Strike Beacon. Detect UAC-0057 Activity Covered in the CERT-UA#10340 Alert Since the full-scale war […]
Since the outbreak of the full-scale war in Ukraine, cyber defenders have identified the growing volumes of cyber-espionage campaigns aimed at collecting intelligence from the Ukrainian state bodies. Further, the same tactics, techniques, and procedures are applied to target broader geography, including North America, Europe, and Asia. Precisely, in May 2023, the UAC-0063 group launched […]
The Vermin hacking group, also known as UAC-0020, resurfaces, targeting the Armed Forces of Ukraine. In the latest “SickSync” campaign uncovered by CERT-UA in collaboration with the Cybersecurity Center of the Armed Forces of Ukraine, adversaries once again employ SPECTR malware, which has been part of their adversary toolkit since 2019. SickSync Campaign Targeting the […]
Since the onset of the Russia-Ukraine war in 2022, there has been a significant rise in offensive operations, highlighting the profound impact of geopolitical tensions on global enterprises. Multiple hacking groups continue to use Ukraine as a testing ground to extend their attack surface into European and U.S. political arenas. CERT-UA has been lately reported […]
Threat actors frequently leverage remote management tools in cyber attacks via the phishing attack vector. For instance, the Remote Utilities software has been largely exploited in offensive campaigns against Ukraine. CERT-UA, in conjunction with CSIRT-NB, has recently identified a targeted cyber attack attributed to the UAC-0188 employing remote management software. Adversaries were observed gaining unauthorized […]
The financially motivated group identified as UAC-0006 has been actively launching phishing attacks targeting Ukraine throughout 2023. CERT-UA team reports the reemergence of UAC-0006 in the cyber threat landscape in spring 2024. In the ongoing campaigns, hackers attempt to distribute SMOKELOADER, the common malicious sample from the group’s adversary toolkit. UAC-0006 Latest Activity Analysis Spreading […]