SYMBOLCOMMON_NAMEaka. SYNONYMS

UAC-0219  (Back to overview)


UAC-0219 is a hacking group observed conducting cyber-espionage operations targeting Ukrainian critical sectors, primarily utilising WRECKSTEEL malware for file exfiltration in both VBScript and PowerShell variants. Their activities focus on gathering intelligence from military innovation hubs, armed forces, law enforcement, and regional government institutions. CERT-UA has linked multiple cyber-attacks against government agencies and critical infrastructure in Ukraine to UAC-0219, emphasizing their reliance on specialized malware for sensitive information theft. The group’s operations are characterized by stealthy access and data exfiltration tactics, consistent with state-sponsored APT behavior.


Associated Families

There are currently no families associated with this actor.


References
2025-04-07SOC PrimeVeronika Telychko
UAC-0226 Attack Detection: New Cyber-Espionage Campaign Targeting Ukrainian Innovation Hubs and Government Entities with GIFTEDCROOK Stealer
GIFTEDCROOK UAC-0219 UAC-0226
2025-04-03SOC PrimeVeronika Telychko
UAC-0219 Attack Detection: A New Cyber-Espionage Campaign Using a PowerShell Stealer WRECKSTEEL
WRECKSTEEL UAC-0219
2025-04-01Cert-UACert-UA
UAC-0219: Cyber ​​espionage using PowerShell stealer WRECKSTEEL (CERT-UA#14283)
WRECKSTEEL UAC-0219 UAC-0226

Credits: MISP Project