Tag: CERTUA

UAC-0020 aka Vermin Attack Detection: SickSync Campaign Using SPECTR Malware and SyncThing Utility to Target the Armed Forces of Ukraine
UAC-0020 aka Vermin Attack Detection: SickSync Campaign Using SPECTR Malware and SyncThing Utility to Target the Armed Forces of Ukraine

The Vermin hacking group, also known as UAC-0020, resurfaces, targeting the Armed Forces of Ukraine. In the latest “SickSync” campaign uncovered by CERT-UA in collaboration with the Cybersecurity Center of the Armed Forces of Ukraine, adversaries once again employ SPECTR malware, which has been part of their adversary toolkit since 2019.  SickSync Campaign Targeting the […]

Read More
UAC-0200 Attack Detection: Adversaries Launch Targeted Phishing Attacks Against Ukrainian Public Sector Leveraging DarkCrystal RAT Spread via Signal 
UAC-0200 Attack Detection: Adversaries Launch Targeted Phishing Attacks Against Ukrainian Public Sector Leveraging DarkCrystal RAT Spread via Signal 

Since the onset of the Russia-Ukraine war in 2022, there has been a significant rise in offensive operations, highlighting the profound impact of geopolitical tensions on global enterprises. Multiple hacking groups continue to use Ukraine as a testing ground to extend their attack surface into European and U.S. political arenas. CERT-UA has been lately reported […]

Read More
UAC-0188 Attack Detection: Hackers Launch Targeted Attacks Against Ukraine Exploiting SuperOps RMM
UAC-0188 Attack Detection: Hackers Launch Targeted Attacks Against Ukraine Exploiting SuperOps RMM

Threat actors frequently leverage remote management tools in cyber attacks via the phishing attack vector. For instance, the Remote Utilities software has been largely exploited in offensive campaigns against Ukraine. CERT-UA, in conjunction with CSIRT-NB, has recently identified a targeted cyber attack attributed to the UAC-0188 employing remote management software. Adversaries were observed gaining unauthorized […]

Read More
UAC-0133 (Sandworm) Attack Detection: russia-Linked Hackers Aim to Cripple the Information and Communication Systems of 20 Critical Infrastructure Organizations Across Ukraine
UAC-0133 (Sandworm) Attack Detection: russia-Linked Hackers Aim to Cripple the Information and Communication Systems of 20 Critical Infrastructure Organizations Across Ukraine

For over a decade, the nefarious russia-backed Sandworm APT group (aka UAC-0133, UAC-0002, APT44, or FROZENBARENTS) has been consistently targeting Ukrainian organizations with a prime focus on the public sector and critical infrastructure. CERT-UA has recently unveiled the group’s malicious intentions to disrupt the information and communication systems of about 20 critical infrastructure organizations.  UAC-0133 […]

Read More
UAC-0149 Attacks Ukrainian Defense Forces Using Signal, CVE-2023-38831 Exploits, and COOKBOX Malware
UAC-0149 Attacks Ukrainian Defense Forces Using Signal, CVE-2023-38831 Exploits, and COOKBOX Malware

The UAC-0149 threat actor repeatedly targets Ukrainian governments and military organizations using COOKBOX malware. The latest research by CERT-UA details the new attack leveraging phishing Signal messages and CVE-2023-38831 exploits to deploy COOKBOX on the targeted instances. UAC-0149 Attack Details UAC-0149 hacking collective has been performing malicious operations against Ukraine since at least autumn 2023. […]

Read More
UAC-0184 Abuses Messengers and Dating Websites to Proceed with Attacks Against Ukrainian Government and Military
UAC-0184 Abuses Messengers and Dating Websites to Proceed with Attacks Against Ukrainian Government and Military

The UAC-0184 hacking collective is back, once again setting its eyes on the Armed Forces of Ukraine. Adversaries attempt to gain access to the targeted computers to steal files and messaging data, according to the latest CERT-UA research. UAC-0184 Latest Attack Description Defenders have been observing a significant surge in the malicious activity of the […]

Read More
UAC-0149 Attack Detection: Hackers Launch a Targeted Attack Against the Armed Forces of Ukraine, as CERT-UA Reports 
UAC-0149 Attack Detection: Hackers Launch a Targeted Attack Against the Armed Forces of Ukraine, as CERT-UA Reports 

Two days before the 2nd anniversary of russia’s full-scale invasion, CERT-UA researchers uncovered an ongoing phishing attack against the Armed Forces of Ukraine. The adversary campaign linked to the UAC-0149 group has leveraged COOKBOX malware to infect targeted systems. UAC-0149 Attack Analysis Using COOKBOX Malware  CERT-UA in coordination with the Cybersecurity Center of the Information […]

Read More
UAC-0027 Attack Detection: Hackers Target Ukrainian Organizations Using DIRTYMOE (PURPLEFOX) Malware
UAC-0027 Attack Detection: Hackers Target Ukrainian Organizations Using DIRTYMOE (PURPLEFOX) Malware

In addition to the rising frequency of cyber attacks by the infamous UAC-0050 group targeting Ukraine, other hacking collectives are actively trying to infiltrate the systems and networks of Ukrainian organizations. At the turn of February 2024, defenders identified over 2,000 computers infected with DIRTYMOE (PURPLEFOX) malware as a result of a massive cyber attack […]

Read More
UAC-0050 Activity Detection: Hackers Impersonate SSSCIP and State Emergency Service of Ukraine Using Remote Utilities
UAC-0050 Activity Detection: Hackers Impersonate SSSCIP and State Emergency Service of Ukraine Using Remote Utilities

Just slightly over a week after the UAC-0050 group’s attack against Ukraine leveraging Remcos RAT, Quasar RAT, and Remote Utilities, adversaries reemerge in the cyber threat arena. CERT-UA has recently notified defenders of the ongoing group’s campaign involving mass email distribution and masquerading the senders as State Service of Special Communications and Information Protection of […]

Read More
UAC-0050 Attack Detection: Hackers Are Armed with Remcos RAT, Quasar RAT, and Remote Utilities to Target Ukraine Once Again
UAC-0050 Attack Detection: Hackers Are Armed with Remcos RAT, Quasar RAT, and Remote Utilities to Target Ukraine Once Again

At the end of 2023, the nefarious UAC-0050 group loomed in the cyber threat arena, targeting Ukraine using Remcos RAT, a common malware from the group’s offensive toolkit. In the first decade of January 2024, UAC-0050 reemerges to strike again, exploiting Remcos RAT, Quasar RAT, and Remote Utilities.  UAC-0050 Offensive Activity Overview Based on the […]

Read More