Tag: Sandworm

UAC-0212 Attack Detection: Hackers Linked to UAC-0002 aka Sandworm APT Subcluster Launch Targeted Attacks Against the Ukrainian Critical Infrastructure 
UAC-0212 Attack Detection: Hackers Linked to UAC-0002 aka Sandworm APT Subcluster Launch Targeted Attacks Against the Ukrainian Critical Infrastructure 

In Q1 2024, defenders uncovered destructive cyberattacks against the information and communication technology systems (ICT) of approximately 20 organizations in the critical infrastructure sector across 10 regions of Ukraine. CERT-UA has been observing this activity tracked as a separate threat cluster, UAC-0133, which, with a high level of confidence, is linked to a nefarious russia-afiliated […]

Read More
Sandworm APT Attacks Detection: russian State-Sponsored Hackers Deploy Malicious Windows KMS Activators to Target Ukraine
Sandworm APT Attacks Detection: russian State-Sponsored Hackers Deploy Malicious Windows KMS Activators to Target Ukraine

For over a decade, russia-backed Sandworm APT group (also tracked as UAC-0145, APT44) has consistently targeted Ukrainian organizations, with a primary focus on state bodies and critical infrastructure. Since the full-scale invasion, this GRU-affiliated military cyber-espionage group has intensified its attacks against Ukrainian targets. The latest malicious campaign, analyzed in February 2025, appears to have […]

Read More
UAC-0133 (Sandworm) Attack Detection: russia-Linked Hackers Aim to Cripple the Information and Communication Systems of 20 Critical Infrastructure Organizations Across Ukraine
UAC-0133 (Sandworm) Attack Detection: russia-Linked Hackers Aim to Cripple the Information and Communication Systems of 20 Critical Infrastructure Organizations Across Ukraine

For over a decade, the nefarious russia-backed Sandworm APT group (aka UAC-0133, UAC-0002, APT44, or FROZENBARENTS) has been consistently targeting Ukrainian organizations with a prime focus on the public sector and critical infrastructure. CERT-UA has recently unveiled the group’s malicious intentions to disrupt the information and communication systems of about 20 critical infrastructure organizations.  UAC-0133 […]

Read More
WinRAR as Cyberweapon: UAC-0165 Targets Ukrainian Public Sector with RoarBat
WinRAR as Cyberweapon: UAC-0165 Targets Ukrainian Public Sector with RoarBat

Since the outbreak of the global cyber war, state bodies of Ukraine and its allies have become targets of diverse malicious campaigns launched by multiple hacking collectives. Experts estimate a 250% surge of cyber attacks against Ukraine in 2022 and over 2,000 of them launched by russia-affiliated threat actors since the beginning of the full-fledged […]

Read More