SYMBOL | COMMON_NAME | aka. SYNONYMS |
UAC-0219 is a hacking group observed conducting cyber-espionage operations targeting Ukrainian critical sectors, primarily utilising WRECKSTEEL malware for file exfiltration in both VBScript and PowerShell variants. Their activities focus on gathering intelligence from military innovation hubs, armed forces, law enforcement, and regional government institutions. CERT-UA has linked multiple cyber-attacks against government agencies and critical infrastructure in Ukraine to UAC-0219, emphasizing their reliance on specialized malware for sensitive information theft. The group’s operations are characterized by stealthy access and data exfiltration tactics, consistent with state-sponsored APT behavior.
There are currently no families associated with this actor.
2025-04-07
⋅
SOC Prime
⋅
UAC-0226 Attack Detection: New Cyber-Espionage Campaign Targeting Ukrainian Innovation Hubs and Government Entities with GIFTEDCROOK Stealer GIFTEDCROOK UAC-0219 UAC-0226 |
2025-04-03
⋅
SOC Prime
⋅
UAC-0219 Attack Detection: A New Cyber-Espionage Campaign Using a PowerShell Stealer WRECKSTEEL WRECKSTEEL UAC-0219 |
2025-04-01
⋅
⋅
Cert-UA
⋅
UAC-0219: Cyber espionage using PowerShell stealer WRECKSTEEL (CERT-UA#14283) WRECKSTEEL UAC-0219 UAC-0226 |