
UAC-0185

aka: UNC4221

UAC-0185 has been active since at least 2022, primarily targeting Ukrainian defense organizations through credential theft via messaging apps like Signal, Telegram, and WhatsApp, as well as military systems such as DELTA, TENETA, and Kropyva. The group employs phishing attacks, often impersonating the Ukrainian Union of Industrialists and Entrepreneurs (UUIE), to gain unauthorized access to the PCs of defense sector employees. They utilize custom tools, including MESHAGENT and UltraVNC, to facilitate their operations. Their activities are mapped to MITRE ATT&CK, focusing on tactics related to credential theft and remote access.


Associated Families

There are currently no families associated with this actor.


References
2024-12-09, SOC Prime, Veronika Telychko: "UAC-0185 aka UNC4221 Attack Detection: Hackers Target the Ukrainian Defense Forces and Military-Industrial Complex" (UAC-0185)
2024-12-07, Cert-UA: "Targeted cyberattacks UAC-0185 in relation to the Defense Forces and enterprises of defense systems of Ukraine (CRT-UA#12414)" (UAC-0185)

Credits: MISP Project