
UAC-0154


UAC-0154 is a threat actor orchestrating the STARK#VORTEX phishing campaign, specifically targeting Ukraine’s military. They employ a Microsoft Help file containing obfuscated JavaScript as a lure, disguised as a manual for Pilot-in-Command Drones, to deliver the MerlinAgent malware. This PowerShell-based RAT is heavily obfuscated and downloads a payload from a remote server, enabling full control over compromised systems. The group initially targeted Ukrainian entities using military-themed documents sent via email to @ukr.net addresses.


Associated Families

There are currently no families associated with this actor.


References
2023-10-05 · Securonix · Dheeraj Kumar, Ella Dragun
Securonix Threat Labs Monthly Intelligence Insights – September 2023
UAC-0154

Credits: MISP Project