| Attribute | Details |
|---|---|
| Threat Actors | UAC-0185 (UNC4221) |
| Campaign Overview | Phishing campaign targeting Ukrainian defense organizations, leveraging social engineering tactics. |
| Target Regions | Ukraine |
| Methodology | Email spoofing, phishing lures, credential theft, remote access tools, and custom HTA and BAT files. |
| Product Targeted | Ukrainian defense organizations, military personnel, DELTA, TENETA, KROPYVA |
| Malware Reference | MESHAGENT, UltraVNC, HTA (JavaScript payloads), BAT scripts |
| Tools Used | MESHAGENT, UltraVNC, mshta.exe, LNK (Windows shortcut) files |
| Vulnerabilities Exploited | Email spoofing, command-line execution, PowerShell commands, Windows startup persistence techniques. |
| TTPs | Phishing emails, impersonation tactics, remote access installation, PowerShell execution, script-based persistence. |
| Attribution | Linked to UAC-0185 (UNC4221), commonly associated with Russian threat actors. |
| Recommendations | Strengthen email filtering, use multi-factor authentication (MFA), deploy endpoint protection solutions, educate personnel on phishing risks. |
| Source | SOC Prime |
Read full article: https://socprime.com/blog/uac-0185-aka-unc4221-attack-detection/
Disclaimer: The above summary has been generated by an AI language model