UAC-0099 has been targeting Ukrainian government agencies and defense enterprises with phishing emails that deliver malware. The attacks use court summons lures to entice victims. Once executed, the malware payload initiates a series of obfuscated scripts that lead to the deployment of various malicious programs, including MATCHBOIL, MATCHWOK, and DRAGSTARE. These programs are written in C# and provide functionality such as remote PowerShell command execution and data theft from affected systems.
The Computer Emergency Response Team of Ukraine (CERT-UA) has reported ongoing cyber attacks by threat actor UAC-0099, targeting government and defense industries using phishing emails and malware.
UAC-0099 gains initial access through phishing emails with court summons lures, delivering malware such as MATCHBOIL, MATCHWOK, and DRAGSTARE that is sourced from shortened URL links.