UAC-0185 aka UNC4221 Attack Detection: Hackers Target the Ukrainian Defense Forces and Military-Industrial Complex

| Attribute | Details |
| --- | --- |
| Threat Actors | UAC-0185 (UNC4221) |
| Campaign Overview | Phishing campaign targeting Ukrainian defense organizations, leveraging social engineering tactics. |
| Target Regions | Ukraine |
| Methodology | Email spoofing, phishing lures, credential theft, remote access tools, and custom HTA and BAT files. |
| Product Targeted | Ukrainian defense organizations, military personnel, DELTA, TENETA, KROPYVA |
| Malware Reference | MESHAGENT, UltraVNC, HTA (JavaScript payloads), BAT scripts |
| Tools Used | MESHAGENT, UltraVNC, mshta.exe, LNK files, shortcut files |
| Vulnerabilities Exploited | Email spoofing, command-line execution, PowerShell commands, Windows startup persistence techniques. |
| TTPs | Phishing emails, impersonation tactics, remote access installation, PowerShell execution, script-based persistence. |
| Attribution | Linked to UAC-0185 (UNC4221), commonly associated with Russian threat actors. |
| Recommendations | Strengthen email filtering, use multi-factor authentication (MFA), deploy endpoint protection solutions, educate personnel on phishing risks. |
| Source | SOC Prime |

Read full article: https://socprime.com/blog/uac-0185-aka-unc4221-attack-detection/

Disclaimer: The above summary has been generated by an AI language model

Source: SOC Prime

Published on: December 9, 2024
