Tag: Phishing

UAC-0001 (APT28) Attack Detection: The russia-Backed Actor Uses LLM-Powered LAMEHUG Malware to Target Security and Defense Sector 

The notorious russian state-sponsored threat group UAC-0001 (also tracked as APT28) has once again surfaced in the cyber threat landscape. After CERT-UA’s late June alert exposing the group’s use of the COVENANT framework and the BEARDSHELL backdoor, UAC-0001 has maintained its focus on Ukraine. CERT-UA now reports a new wave of cyber-attacks targeting the security […]

Mocha Manakin Attack Detection: Hackers Spread a Custom NodeJS Backdoor Dubbed NodeInitRAT Using the Paste-and-Run Technique

Mocha Manakin, believed to have ties to Interlock ransomware operations, has been observed using the paste-and-run phishing technique for initial access since at least January 2025. Adversaries deploy a custom NodeJS backdoor, dubbed NodeInitRAT, which enables persistence, reconnaissance, command execution, and payload delivery via HTTP, along with other offensive operations that can potentially lead to […]

Uncoder AI Visualizes Threat Behavior with Automated Attack Flow

How It Works

Understanding the steps adversaries take during an attack can be critical for detection logic and defense prioritization. Uncoder AI introduces a new capability: transforming raw threat intelligence, such as blog posts, reports, or technical descriptions, into a visual Attack Flow. As shown in the interface screenshot, the system ingests narrative input about a campaign […]

UAC-0226 Attack Detection: New Cyber-Espionage Campaign Targeting Ukrainian Innovation Hubs and Government Entities with GIFTEDCROOK Stealer

Throughout March 2025, defenders observed increasing cyber-espionage activity by the UAC-0219 hacking group targeting Ukrainian critical sectors with WRECKSTEEL malware. In April, CERT-UA issued a new alert notifying the global cyber defender community of a fresh surge of espionage operations orchestrated by another hacking collective tracked as UAC-0226. Since February 2025, researchers have been closely monitoring […]

UAC-0219 Attack Detection: A New Cyber-Espionage Campaign Using a PowerShell Stealer WRECKSTEEL

In late March 2025, CERT-UA observed a surge in cyber-espionage operations targeting Ukraine, orchestrated by the UAC-0200 hacking group using DarkCrystal RAT. Researchers have recently uncovered at least three other cyber-espionage attacks throughout March against state bodies and critical infrastructure organizations in Ukraine, aiming to steal sensitive information from compromised systems using specialized malware. These […]

Gamaredon Campaign Detection: russia-backed APT Group Targets Ukraine Using LNK Files to Spread Remcos Backdoor

The russia-linked Gamaredon APT, notorious for a wealth of cyber-offensive operations against Ukraine, resurfaces in the cyber threat arena. The ongoing Gamaredon adversary campaign against Ukraine leverages malicious LNK files disguised as war-related lures to deploy the Remcos backdoor and applies sophisticated techniques, such as DLL sideloading.

Detect Gamaredon Group Attacks

The russia-affiliated hacking groups […]

UAC-0173 Activity Detection: Hackers Launch Phishing Attacks Against Ukrainian Notaries Using the DARKCRYSTALRAT Malware

Following the investigation into UAC-0212’s increasing activity against multiple organizations in Ukraine’s critical infrastructure sector, CERT-UA notifies the global cyber defender community of the reemergence of another hacking group in the Ukrainian cyber threat arena. The organized criminal group tracked as UAC-0173 has been conducting a series of phishing attacks against notaries impersonating the sender […]

TorNet Backdoor Detection: An Ongoing Phishing Email Campaign Uses PureCrypter Malware to Drop Other Payloads

Financially motivated hackers are behind an ongoing malicious campaign targeting Poland and Germany. These phishing attacks aim to deploy multiple payloads, including Agent Tesla, Snake Keylogger, and a novel backdoor dubbed TorNet, which is delivered via PureCrypter malware.

Detect TorNet Backdoor

A significant rise in phishing campaigns, with a 202% increase in phishing messages over […]

Interesting URL Schema Abuse Patterns (Merry Phishmas)

One interesting feature of the URL parsing specification is that literal IP addresses can be accepted as decimal numbers. You can try this by: I was able to find this decimal number by pinging google and using the IP address in the linked calculator site. Another interesting feature of the schema and […]

PXA Stealer Detection: Vietnamese Hackers Hit the Public and Education Sectors in Europe and Asia

Hot on the heels of the recent wave of cyber-attacks leveraging a highly evasive Strela Stealer in Central and Southwestern Europe, a new infostealer comes into the spotlight targeting sensitive data within the government and education sectors across Europe and Asia. Defenders have observed an ongoing info-stealing campaign attributed to Vietnamese-speaking adversaries who leverage a […]
