Tag: CERTUA

UAC-0165 Activity Detection: Destructive Cyber Attacks Targeting Ukrainian Telecom Providers 
UAC-0165 Activity Detection: Destructive Cyber Attacks Targeting Ukrainian Telecom Providers 

CERT-UA researchers notify defenders of the persistent malicious campaign impacting more than 11 telecom providers. The UAC-0165 group behind these destructive attacks has been targeting the Ukrainian telecom sector for a period of over 5 months aiming to cripple the critical infrastructure, which fuels the need for thorough research among defenders to preempt potential threats. […]

Read More
SmokeLoader Malware Detection: UAC-0006 Hackers Launch a Wave of Phishing Attacks Against Ukraine Targeting Accountants
SmokeLoader Malware Detection: UAC-0006 Hackers Launch a Wave of Phishing Attacks Against Ukraine Targeting Accountants

In early October 2023, the UAC-0006 group was observed behind a series of at least four cyber attacks targeting Ukraine, as CERT-UA researchers report. Attackers applied a similar adversary toolkit as in previous campaigns, leveraging SmokeLoader in the latest phishing operation.  SmokeLoader Delivery: UAC-0006 Attack Analysis  On October 6, 2023, CERT-UA released four alerts notifying […]

Read More
APT28 Phishing Attack Detection: Hackers Target Ukrainian Energy Sector Using Microsoft Edge Downloader, TOR Software, and the Mockbin Service for Remote Management
APT28 Phishing Attack Detection: Hackers Target Ukrainian Energy Sector Using Microsoft Edge Downloader, TOR Software, and the Mockbin Service for Remote Management

At the turn of fall 2023, the russia-backed APT28 hacking group reemerges in the cyber threat arena, targeting the critical infrastructure of Ukrainian organizations in the power industry sector.  CERT-UA has recently released a security notice covering a phishing attack from a fake sender email address containing a link to a malicious archive. Following this […]

Read More
CVE-2023-38831 Detection: UAC-0057 Group Exploits a WinRAR Zero-Day to Spread a PicassoLoader Variant and CobaltStrike Beacon via Rabbit Algorithm
CVE-2023-38831 Detection: UAC-0057 Group Exploits a WinRAR Zero-Day to Spread a PicassoLoader Variant and CobaltStrike Beacon via Rabbit Algorithm

The UAC-0057 hacking collective, aka GhostWriter, reemerges in the cyber threat arena by abusing a WinRAR zero-day tracked as CVE-2023-38831 that has been exploited in the wild since April through August 2023. The successful exploitation of CVE-2023-38831 enables attackers to infect the targeted systems with a PicassoLoader variant and Cobalt Strike Beacon malware. Notably, both […]

Read More
UAC-0173 Attacks: Ukrainian Judicial Bodies and Notary Massively Targeted With AsyncRAT Malware
UAC-0173 Attacks: Ukrainian Judicial Bodies and Notary Massively Targeted With AsyncRAT Malware

Cybersecurity experts observe significantly growing volumes of malicious activity aimed at targeting Ukrainian public and private sectors, with offensive forces frequently relying on the phishing attack vector to proceed with the intrusion.  CERT-UA notifies cyber defenders of the ongoing malicious campaign against judicial bodies and notaries in Ukraine, massively distributing emails with the lure subjects […]

Read More
New MerlinAgent Open-Source Tool Used by UAC-0154 Group to Target Ukrainian State Agencies
New MerlinAgent Open-Source Tool Used by UAC-0154 Group to Target Ukrainian State Agencies

Cyber defenders observe growing volumes of cyber attacks against Ukraine and its allies launched by the russian offensive forces, with the aggressor frequently leveraging the phishing attack vector and the public sector serving as the primary target.  CERT-UA notifies cyber defenders of the ongoing phishing campaign against Ukrainian state bodies massively distributing emails with the […]

Read More
Detecting SmokeLoader Campaign: UAC-0006 Keep Targeting Ukrainian Financial Institutions in a Series of Phishing Attacks
Detecting SmokeLoader Campaign: UAC-0006 Keep Targeting Ukrainian Financial Institutions in a Series of Phishing Attacks

UAC-0006 hacking collective is on the rise, actively targeting Ukrainian organizations with SmokeLoader malware in a long-lasting campaign aimed at financial profits. The latest CERT-UA cybersecurity alert details that the hacking group has launched a third massive cyber-attack in a row, severely threatening the banking systems across the country.  Analyzing UAC-0006 Phishing Campaign Aimed at […]

Read More
CAPIBAR and KAZUAR Malware Detection: Turla aka UAC-0024 or UAC-0003 Launches Targeted Cyber-Espionage Campaigns Against Ukraine
CAPIBAR and KAZUAR Malware Detection: Turla aka UAC-0024 or UAC-0003 Launches Targeted Cyber-Espionage Campaigns Against Ukraine

Since at least 2022, the hacking collective tracked as UAC-0024 has been launching a series of offensive operations targeting Ukraine’s defense forces. The group’s cyber-espionage activity mainly focuses on intelligence gathering leveraging CAPIBAR malware. Based on attacker TTPs along with the uncovered use of another malware dubbed Kazuar, the adversary activity can be linked to […]

Read More
UAC-0010 aka Armageddon APT Attacks Detection: Overview of Group’s Ongoing Offensive Operations Targeting Ukraine
UAC-0010 aka Armageddon APT Attacks Detection: Overview of Group’s Ongoing Offensive Operations Targeting Ukraine

Since russia’s full-fledged invasion of Ukraine, the aggressor’s offensive forces have launched thousands of targeted cyber attacks against Ukraine. One of the most persistent threats belongs to the infamous cyber-espionage gang tracked as UAC-0010 (Armageddon). This article provides an overview of the group’s adversary activity against Ukraine largely exploiting the phishing attack vector as of […]

Read More
SmokeLoader Detection: UAC-0006 Group Launches a New Phishing Campaign Against Ukraine
SmokeLoader Detection: UAC-0006 Group Launches a New Phishing Campaign Against Ukraine

Heads up! Cyber defenders are notified of a new wave of phishing attacks leveraging the invoice-relate email subjects with the infection chain triggered by opening a malicious VBS file, which leads to spreading SmokeLoader malware on the affected devices. According to the investigation, the malicious activity can be attributed to the financially-motivated UAC-0006 hacking gang […]

Read More