The Vermin hacking group, also known as UAC-0020, resurfaces, targeting the Armed Forces of Ukraine. In the latest “SickSync” campaign uncovered by CERT-UA in collaboration with the Cybersecurity Center of the Armed Forces of Ukraine, adversaries once again employ SPECTR malware, which has been part of their adversary toolkit since 2019. SickSync Campaign Targeting the […]
Since the onset of the Russia-Ukraine war in 2022, there has been a significant rise in offensive operations, highlighting the profound impact of geopolitical tensions on global enterprises. Multiple hacking groups continue to use Ukraine as a testing ground to extend their attack surface into European and U.S. political arenas. CERT-UA has been lately reported […]
Threat actors frequently leverage remote management tools in cyber attacks via the phishing attack vector. For instance, the Remote Utilities software has been largely exploited in offensive campaigns against Ukraine. CERT-UA, in conjunction with CSIRT-NB, has recently identified a targeted cyber attack attributed to the UAC-0188 employing remote management software. Adversaries were observed gaining unauthorized […]
The financially motivated group identified as UAC-0006 has been actively launching phishing attacks targeting Ukraine throughout 2023. CERT-UA team reports the reemergence of UAC-0006 in the cyber threat landscape in spring 2024. In the ongoing campaigns, hackers attempt to distribute SMOKELOADER, the common malicious sample from the group’s adversary toolkit. UAC-0006 Latest Activity Analysis Spreading […]
For over a decade, the nefarious russia-backed Sandworm APT group (aka UAC-0133, UAC-0002, APT44, or FROZENBARENTS) has been consistently targeting Ukrainian organizations with a prime focus on the public sector and critical infrastructure. CERT-UA has recently unveiled the group’s malicious intentions to disrupt the information and communication systems of about 20 critical infrastructure organizations. UAC-0133 […]
The UAC-0184 hacking collective is back, once again setting its eyes on the Armed Forces of Ukraine. Adversaries attempt to gain access to the targeted computers to steal files and messaging data, according to the latest CERT-UA research. UAC-0184 Latest Attack Description Defenders have been observing a significant surge in the malicious activity of the […]
Two days before the 2nd anniversary of russia’s full-scale invasion, CERT-UA researchers uncovered an ongoing phishing attack against the Armed Forces of Ukraine. The adversary campaign linked to the UAC-0149 group has leveraged COOKBOX malware to infect targeted systems. UAC-0149 Attack Analysis Using COOKBOX Malware CERT-UA in coordination with the Cybersecurity Center of the Information […]
In addition to the rising frequency of cyber attacks by the infamous UAC-0050 group targeting Ukraine, other hacking collectives are actively trying to infiltrate the systems and networks of Ukrainian organizations. At the turn of February 2024, defenders identified over 2,000 computers infected with DIRTYMOE (PURPLEFOX) malware as a result of a massive cyber attack […]
Just slightly over a week after the UAC-0050 group’s attack against Ukraine leveraging Remcos RAT, Quasar RAT, and Remote Utilities, adversaries reemerge in the cyber threat arena. CERT-UA has recently notified defenders of the ongoing group’s campaign involving mass email distribution and masquerading the senders as State Service of Special Communications and Information Protection of […]
At the end of 2023, the nefarious UAC-0050 group loomed in the cyber threat arena, targeting Ukraine using Remcos RAT, a common malware from the group’s offensive toolkit. In the first decade of January 2024, UAC-0050 reemerges to strike again, exploiting Remcos RAT, Quasar RAT, and Remote Utilities. UAC-0050 Offensive Activity Overview Based on the […]