Mocha Manakin, believed to have ties to Interlock ransomware operations, has been observed using the paste-and-run phishing technique for initial access since at least January 2025. Adversaries deploy a custom NodeJS backdoor, dubbed NodeInitRAT, which enables persistence, reconnaissance, command execution, and payload delivery via HTTP, along with other offensive operations that can potentially lead to […]
How It Works Understanding the steps adversaries take during an attack can be critical for detection logic and defense prioritization. Uncoder AI introduces a new capability: transforming raw threat intelligence—such as blog posts, reports, or technical descriptions—into a visual Attack Flow. As shown in the interface screenshot, the system ingests narrative input about a campaign […]
Throughout March 2025, defenders observed increasing cyber-espionage activity by the UAC-0219 hacking group targeting Ukrainian critical sectors WRECKSTEEL malware. In April, CERT-UA issued a novel alert notifying the global cyber defender community of a new surge of espionage operations orchestrated by another hacking collective tracked as UAC-0226. Since February 2025, researchers have been closely monitoring […]
In late March 2025, CERT-UA observed a surge in cyber-espionage operations targeting Ukraine, orchestrated by the UAC-0200 hacking group using DarkCrystal RAT. Researchers have recently uncovered at least three other cyber-espionage attacks throughout March against state bodies and critical infrastructure organizations in Ukraine, aiming to steal sensitive information from compromised systems using specialized malware. These […]
The russia-linked Gamaredon APT notorious for a wealth of cyber-offensive operations against Ukraine resurfaces in the cyber threat arena. The ongoing Gamaredon adversary campaign against Ukraine leverages malicious LNK files disguised as war-related lures to deploy the Remcos backdoor and applies sophisticated techniques, such as DLL sideloading. Detect Gamaredon Group Attacks The russia-affiliated hacking groups […]
Following the investigation into UAC-0212’s increasing activity against multiple organizations in Ukraine’s critical infrastructure sector, CERT-UA notifies the global cyber defender community of the reemergence of another hacking group in the Ukrainian cyber threat arena. The organized criminal group tracked as UAC-0173 has been conducting a series of phishing attacks against notaries impersonating the sender […]
Financially motivated hackers are behind an ongoing malicious campaign targeting Poland and Germany. These phishing attacks aim to deploy multiple payloads, including Agent Tesla, Snake Keylogger, and a novel backdoor dubbed TorNet, which is delivered via PureCrypter malware. Detect TorNet Backdoor A significant rise in phishing campaigns, with a 202% increase in phishing messages over […]
One interesting feature of the specification of the URL schema parsing is that literal IP addresses can be accepted as decimal numbers. You can try this by: I was able to find this decimal number by pinging google and using the IP address in the linked calculator site. Another interesting feature of the schema and […]
Hot on the heels of the recent wave of cyber-attacks leveraging a highly evasive Strela Stealer in Central and Southwestern Europe, a new infostealer comes into the spotlight targeting sensitive data within the government and education sectors across Europe and Asia. Defenders have observed an ongoing info-stealing campaign attributed to Vietnamese-speaking adversaries who leverage a […]
The notorious Russian state-sponsored hacking group known as APT28 or UAC-0001, which has a history of launching targeted phishing attacks on Ukrainian public sector organizations, has resurfaced in the cyber threat landscape. In the latest adversary campaign covered by CERT-UA, attackers weaponize a PowerShell command embedded in the clipboard as an entry point to further conduct offensive […]