Since at least 2022, the hacking collective tracked as UAC-0024 has been launching a series of offensive operations targeting Ukraine’s defense forces. The group’s cyber-espionage activity mainly focuses on intelligence gathering leveraging CAPIBAR malware. Based on attacker TTPs along with the uncovered use of another malware dubbed Kazuar, the adversary activity can be linked to […]
Since russia’s full-fledged invasion of Ukraine, the aggressor’s offensive forces have launched thousands of targeted cyber attacks against Ukraine. One of the most persistent threats belongs to the infamous cyber-espionage gang tracked as UAC-0010 (Armageddon). This article provides an overview of the group’s adversary activity against Ukraine largely exploiting the phishing attack vector as of […]
Heads up! Cyber defenders are notified of a new wave of phishing attacks leveraging the invoice-relate email subjects with the infection chain triggered by opening a malicious VBS file, which leads to spreading SmokeLoader malware on the affected devices. According to the investigation, the malicious activity can be attributed to the financially-motivated UAC-0006 hacking gang […]
Cybersecurity researchers issue a heads-up covering a new targeted cyber attack by the UAC-0057 group against Ukrainian public officials leveraging XLS files that contain a malicious macro spreading PicassoLoader malware. The malicious loader is capable of dropping another malicious strain dubbed njRAT to spread the infection further. PicassoLoader and njRAT Malware Distribution by UAC-0057 Hackers: […]
CERT-UA researchers recently uncovered a fraudulent copy of the English-language version of the Ukrainian World Congress website at https://www.ukrainianworldcongress.org/. The fake web resource contains a couple of DOCX documents that trigger an infection chain once opened. As a result of the attack chain, hackers can deploy MAGICSPELL payload intended to download, decipher, and maintain the […]
With the ongoing russian cyber offensive operations targeting Ukraine and its allies, the aggressor is continuously launching cyber-espionage campaigns against state bodies and other organizations representing critical infrastructure. Less than a week after CERT-UA researchers warned of a spike in cyber-espionage attacks by russia-linked Shuckworm group, another nefarious hacking group comes back to the scene. […]
On June 16, 2023, CERT-UA researchers issued a new alert covering the recently discovered malicious activity targeting the National Defense University of Ukraine, named after Ivan Cherniakhovskyi, the country’s leading military educational institution. In this ongoing campaign, threat actors spread PicassoLoader and Cobalt Strike Beacon on the compromised systems via a malicious file containing a […]
Since russia’s full-scale invasion of Ukraine, the aggressor’s offensive forces have launched an avalanche of cyber-espionage campaigns against Ukraine and its allies, mainly targeting government agencies and frequently leveraging the phishing attack vector. The infamous hacking collective dubbed Shuckworm (Armageddon, Gamaredon), which is known to have links with russia’s FSB, has been observed behind a […]
On February 24, 2022, a little more than a year ago, the russian federation started an offensive invasion of Ukraine by land, air, and sea. The war escalated in cyberspace as well. As a result, we are now witnessing the first-ever full-fledged cyber war in human history, with multiple offensive counterparts engaged in attacks against […]
Just a couple of weeks ago, CERT-UA raised awareness among the global cyber defender community about an ongoing cyber-espionage campaign targeting Ukraine and organizations in Central Asia linked to the UAC-0063 group. In early June, CERT-UA researchers issued another alert covering the long-term cyber-espionage activity mainly exploiting the email attack vector and targeting Ukrainian government […]