| Attribute | Details |
|---|---|
| Threat Actors | UAC-0185 (UNC4221) |
| Campaign Overview | Phishing campaign targeting Ukrainian defense organizations, leveraging social engineering tactics. |
| Target Regions | Ukraine |
| Methodology | Email spoofing, phishing lures, credential theft, remote access tools, and custom HTA and BAT files. |
| Product Targeted | Ukrainian defense organizations, military personnel, DELTA, TENETA, KROPYVA |
| Malware Reference | MESHAGENT, UltraVNC, HTA (JavaScript payloads), BAT scripts |
| Tools Used | MESHAGENT, UltraVNC, mshta.exe, LNK (shortcut) files |
| Vulnerabilities Exploited | Email spoofing, command-line execution, PowerShell commands, Windows startup persistence techniques. |
| TTPs | Phishing emails, impersonation tactics, remote access tool installation, PowerShell execution, script-based persistence. |
| Attribution | Linked to UAC-0185 (UNC4221), commonly associated with Russian threat actors. |
| Recommendations | Strengthen email filtering, use multi-factor authentication (MFA), deploy endpoint protection solutions, educate personnel on phishing risks. |
| Source | SOC Prime |
Read full article: https://socprime.com/blog/uac-0185-aka-unc4221-attack-detection/
Disclaimer: The above summary has been generated by an AI language model