UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign
Briefly

"The activity, which was observed between March and April 2026, has been attributed to a threat cluster dubbed UAC-0247. The origins of the campaign are presently unknown."
"According to CERT-UA, the starting point of the attack chain is an email message claiming to be a humanitarian aid proposal, urging recipients to click on a link that redirects to either a legitimate website compromised via a cross-site scripting (XSS) vulnerability or a bogus site created with help from artificial intelligence (AI) tools."
"At the same time, recent campaigns have recorded the use of a two-stage loader, the second stage of which is implemented using a proprietary executable file format, and the final payload is additionally compressed and encrypted."
The Computer Emergency Response Team of Ukraine (CERT-UA) has reported a malware campaign targeting government and healthcare institutions. The campaign, attributed to UAC-0247, used emails posing as humanitarian aid proposals. Clicking the links led to compromised or fake websites that downloaded a Windows Shortcut (LNK) file. This file executed an HTA that diverted attention while fetching a binary that injected shellcode into legitimate processes. The campaign also used a two-stage loader, along with tools like RAVENSHELL and malware named AGINGFLY.
Read at The Hacker News