| Attribute | Details |
|---|---|
| Threat Actors | UAC-0185 (UNC4221), UAC-0198, UAC-0180, Vermin, Ghostwriter |
| Campaign Overview | Espionage campaign targeting Ukrainian defense enterprises, focused on stealing credentials and unauthorized remote access. |
| Target Regions | Ukraine |
| Methodology | Phishing emails, remote access tools, backdoor malware, messaging app credential theft, email campaigns with malicious macros. |
| Product Targeted | Ukrainian defense personnel, local military systems (Delta, Teneta, Kropyva), state computers |
| Malware Reference | MeshAgent, UltraVNC, DarkCrystal, Spectr |
| Tools Used | MeshAgent, UltraVNC, malicious macros, Signal, Telegram, WhatsApp |
| Vulnerabilities Exploited | Email-based phishing attacks, messaging app credential theft, open-source remote access tool vulnerabilities. |
| TTPs | Phishing campaigns, malicious email macros, remote access installation, targeted credential theft, social engineering. |
| Attribution | Linked to Russian state-sponsored actors, UNC4221 suspected to be Russian-backed. |
| Recommendations | Strengthen cybersecurity measures, implement robust multi-factor authentication (MFA), train personnel on social engineering tactics, use endpoint detection tools. |
| Source | The Record |
Read full article: https://therecord.media/suspected-russian-hackers-target-ukrainian-enterprises-espionage
Disclaimer: The above summary has been generated by an AI language model