Tag: CERTUA

UAC-0027 Attack Detection: Hackers Target Ukrainian Organizations Using DIRTYMOE (PURPLEFOX) Malware
UAC-0027 Attack Detection: Hackers Target Ukrainian Organizations Using DIRTYMOE (PURPLEFOX) Malware

In addition to the rising frequency of cyber attacks by the infamous UAC-0050 group targeting Ukraine, other hacking collectives are actively trying to infiltrate the systems and networks of Ukrainian organizations. At the turn of February 2024, defenders identified over 2,000 computers infected with DIRTYMOE (PURPLEFOX) malware as a result of a massive cyber attack […]

Read More
UAC-0050 Activity Detection: Hackers Impersonate SSSCIP and State Emergency Service of Ukraine Using Remote Utilities
UAC-0050 Activity Detection: Hackers Impersonate SSSCIP and State Emergency Service of Ukraine Using Remote Utilities

Just slightly over a week after the UAC-0050 group’s attack against Ukraine leveraging Remcos RAT, Quasar RAT, and Remote Utilities, adversaries reemerge in the cyber threat arena. CERT-UA has recently notified defenders of the ongoing group’s campaign involving mass email distribution and masquerading the senders as State Service of Special Communications and Information Protection of […]

Read More
UAC-0050 Attack Detection: Hackers Are Armed with Remcos RAT, Quasar RAT, and Remote Utilities to Target Ukraine Once Again
UAC-0050 Attack Detection: Hackers Are Armed with Remcos RAT, Quasar RAT, and Remote Utilities to Target Ukraine Once Again

At the end of 2023, the nefarious UAC-0050 group loomed in the cyber threat arena, targeting Ukraine using Remcos RAT, a common malware from the group’s offensive toolkit. In the first decade of January 2024, UAC-0050 reemerges to strike again, exploiting Remcos RAT, Quasar RAT, and Remote Utilities.  UAC-0050 Offensive Activity Overview Based on the […]

Read More
UAC-0184 Attack Detection: Targeted Phishing Attacks Against the Armed Forces of Ukraine Using Remcos RAT and Reverse SSH
UAC-0184 Attack Detection: Targeted Phishing Attacks Against the Armed Forces of Ukraine Using Remcos RAT and Reverse SSH

Hard on the heels of the phishing campaign against Ukraine spreading Remcos RAT, another offensive operation relying on a similar adversary toolkit comes to the scene. At the end of December 2023, Trendmicro researchers reported CERT-UA about suspicious military-related files sent through a series of new phishing attacks against Ukraine. The uncovered malicious activity aimed […]

Read More
APT28 Adversary Activity Detection: New Phishing Attacks Targeting Ukrainian and Polish Organizations
APT28 Adversary Activity Detection: New Phishing Attacks Targeting Ukrainian and Polish Organizations

Throughout the second half of December 2023, cybersecurity researchers uncovered a series of phishing attacks against Ukrainian government agencies and Polish organizations attributed to the infamous russian nation-backed APT28 hacking collective. CERT-UA has recently issued a heads-up covering the in-depth overview of the latest APT28 attacks, from the initial compromise to posing a threat to […]

Read More
New Phishing Campaign by UAC-0050: Kyivstar & Security Service of Ukraine Baits to Deliver Remcos RAT
New Phishing Campaign by UAC-0050: Kyivstar & Security Service of Ukraine Baits to Deliver Remcos RAT

Cybersecurity analysts are observing a substantial increase in malicious activities targeting Ukraine’s public and private sectors, where attackers often resort to phishing vectors as their primary strategy for initiating intrusions. CERT-UA notifies cyber defenders of ongoing attacks against Ukrainian organizations leveraging Kyivstar and the Security Service of Ukraine phishing lures. The infamous UAC-0050 group aims […]

Read More
Remcos RAT and Meduza Stealer Detection: UAC-0050 Group Launches a Massive Phishing Attack Against State Bodies in Ukraine and Poland
Remcos RAT and Meduza Stealer Detection: UAC-0050 Group Launches a Massive Phishing Attack Against State Bodies in Ukraine and Poland

Less than a week after a phishing campaign by UAC-0050 spreading Remcos RAT, the group attempted to launch another offensive operation. In the newly uncovered massive email distribution campaign, UAC-0050 hackers target the Ukrainian and Polish public sectors, leveraging the nefarious Remcos RAT and another malware strain dubbed Meduza Stealer. UAC-0050 Attack Description: Activity Covered […]

Read More
UAC-0006 Attack Detection: Overview of the Financially Motivated Group’s Campaigns Based on CERT-UA Research
UAC-0006 Attack Detection: Overview of the Financially Motivated Group’s Campaigns Based on CERT-UA Research

The infamous hacking group known as UAC-0006 has been launching offensive operations against Ukraine since 2013 primarily driven by financial gain. CERT-UA researchers recently issued a compiled overview of the group’s adversary activity aimed at raising cybersecurity awareness and minimizing risks. The group is notorious for committing financial theft by leveraging malware like SmokeLoader to […]

Read More
UAC-0050 Attack Detection: Hackers Launch Another Targeted Campaign Spreading Remcos RAT 
UAC-0050 Attack Detection: Hackers Launch Another Targeted Campaign Spreading Remcos RAT 

Hard on the heels of the phishing attack impersonating the Security Service of Ukraine and using Remcos RAT, the hacking collective identified as UAC-0050 launched another adversary campaign against Ukraine leveraging the phishing attack vector. In these attacks targeting 15,000+ users hackers massively send emails with a subject and attachment lures related to a summons […]

Read More
Remcos RAT Detection: UAC-0050 Hackers Launch Phishing Attacks Impersonating the Security Service of Ukraine
Remcos RAT Detection: UAC-0050 Hackers Launch Phishing Attacks Impersonating the Security Service of Ukraine

CERT-UA researchers have recently published a novel heads-up that covers ongoing phishing attacks against Ukraine involving distribution of Remcos RAT. The group in charge of this offensive campaign, which involves massively distributing spoofing emails with a false sender identity masquerading as the Security Service of Ukraine, is tracked as UAC-0050. UAC-0050 Attack Analysis Covered in […]

Read More