Ukraine Warns of Pro-Russian Hackers' Sophisticated Phishing Attacks
Ukraine's cybersecurity agency, CERT-UA, has issued a warning about ongoing phishing attacks by a pro-Russian hacker group, UAC-0099. The group has been active since mid-2022, targeting government and defense sectors with advanced malware tooling.
The attack chain involves a complex series of steps. It begins with a double archive containing an HTA file, which is used to run an obfuscated VBScript. This script then executes PowerShell code in a way designed to evade detection. Scheduled tasks are created to maintain persistence.
UAC-0099's arsenal includes several C#-based malware tools. DRAGSTARE is a stealer that gathers system and browser data, executes PowerShell commands, and checks for virtual machines to avoid running under analysis. MATCHBOIL is a loader that fetches and runs additional payloads, gathers system data, and ensures persistence. MATCHWOK is a backdoor that executes PowerShell commands, avoids analysis tools, and maintains persistence. These tools were used in attacks in May and December 2023, including one that exploited a WinRAR flaw (CVE-2023-38831).
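The execution chain described above (archive, HTA run by mshta.exe, VBScript host, PowerShell, scheduled task for persistence) is unusual enough in process-creation telemetry to detect on ancestry alone. The following is an added detection example, not code from CERT-UA or from the article: it assumes Sysmon-style process-creation records with a process id, parent id, image name and command line, and runs two rules over a small set of constructed sample events (the file names and command lines are invented for the example).

```python
"""Ancestry-based detection for an HTA -> VBScript -> PowerShell -> schtasks chain.

Assumption: events are process-creation records (Sysmon Event ID 1 shape)
with pid, ppid, image name and command line. The sample telemetry at the
bottom is constructed for this example; it is not data from the advisory.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # executable file name, e.g. "mshta.exe"
    cmdline: str


SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
SCRIPTED_PARENTS = SCRIPT_HOSTS | POWERSHELL | {"mshta.exe"}


def ancestry(events: List[ProcEvent], pid: int, max_depth: int = 8) -> List[str]:
    """Return lowercased image names from pid up to the root, nearest first."""
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    chain: List[str] = []
    cur = by_pid.get(pid)
    while cur is not None and len(chain) < max_depth:
        chain.append(cur.image.lower())
        cur = by_pid.get(cur.ppid)  # None once we reach a pid we have no record for
    return chain


def detect_hta_script_chain(events: List[ProcEvent]) -> List[dict]:
    """Flag PowerShell whose ancestors include a script host and mshta.exe."""
    findings = []
    for e in events:
        if e.image.lower() not in POWERSHELL:
            continue
        anc = ancestry(events, e.pid)          # anc[0] is the PowerShell process itself
        if any(p in SCRIPT_HOSTS for p in anc[1:]) and "mshta.exe" in anc:
            findings.append({"pid": e.pid, "rule": "hta_vbs_powershell_chain", "ancestry": anc})
    return findings


def detect_task_persistence(events: List[ProcEvent]) -> List[dict]:
    """Flag 'schtasks /create' launched from under a script host, mshta or PowerShell.

    An administrator creating a task from an interactive shell does not match,
    which keeps the rule quiet on ordinary maintenance activity.
    """
    findings = []
    for e in events:
        if e.image.lower() != "schtasks.exe" or "/create" not in e.cmdline.lower():
            continue
        anc = ancestry(events, e.pid)
        if any(p in SCRIPTED_PARENTS for p in anc[1:]):
            findings.append({"pid": e.pid, "rule": "scripted_schtasks_create", "ancestry": anc})
    return findings


def run_detections(events: List[ProcEvent]) -> List[dict]:
    """Run both rules and return findings ordered by pid."""
    return sorted(detect_hta_script_chain(events) + detect_task_persistence(events),
                  key=lambda f: f["pid"])


# Constructed sample telemetry (not real data): one malicious chain plus benign noise.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, "WinRAR.exe", "WinRAR.exe CONSTRUCTED_outer.rar"),
    ProcEvent(300, 200, "mshta.exe", "mshta.exe C:\\Temp\\CONSTRUCTED_report.hta"),
    ProcEvent(400, 300, "wscript.exe", "wscript.exe //e:vbscript C:\\Temp\\CONSTRUCTED.vbs"),
    ProcEvent(500, 400, "powershell.exe", "powershell.exe -w hidden -enc CONSTRUCTED"),
    ProcEvent(600, 500, "schtasks.exe", "schtasks.exe /create /tn Updater /sc minute /mo 5 /tr CONSTRUCTED"),
    # benign: an administrator creating a task from an interactive cmd.exe
    ProcEvent(700, 100, "cmd.exe", "cmd.exe"),
    ProcEvent(800, 700, "schtasks.exe", "schtasks.exe /create /tn Backup /sc daily /tr backup.cmd"),
    # benign: PowerShell started directly by the user
    ProcEvent(900, 100, "powershell.exe", "powershell.exe"),
]

if __name__ == "__main__":
    for finding in run_detections(SAMPLE_EVENTS):
        print(finding["rule"], finding["pid"], " <- ".join(finding["ancestry"]))
```

Run against the sample, only the malicious chain is reported: the PowerShell process (pid 500) under wscript.exe and mshta.exe, and the schtasks.exe /create (pid 600) spawned beneath it; the interactive task creation and the user-launched PowerShell produce no findings.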
The group delivers its malware through phishing emails containing links to legitimate file services. This tactic has proven effective in targeting Ukrainian defense sectors.
CERT-UA's warning highlights the ongoing threat posed by UAC-0099. Organizations in Ukraine's government and defense sectors are urged to remain vigilant against phishing emails and to implement robust malware protection measures to protect against these sophisticated attacks.