UAC-0063UAC-0063

Also known as: UAC-0063

Known aliases
1

Profile

UAC-0063 is a threat actor linked to Russian APT28, known for targeting government entities in Ukraine and Central Asia for cyber espionage operations. They utilize keyloggers, backdoors, and malware like Hatvibe and Cherryspy to compromise systems and exfiltrate sensitive information. The group has been active since at least 2021 and has shown interest in targeting organizations in Mongolia, Kazakhstan, Kyrgyzstan, Israel, and India. Their TTPs include spear-phishing campaigns and exploiting vulnerabilities in software products like HFS HTTP File Server and Rejetto file-sharing servers.

Aliases· 1

UAC-0063

References

  1. https://socprime.com/blog/uac-0063-attack-detection-hackers-target-ukrainian-research-institutions-using-hatvibe-cherryspy-and-cve-2024-23692/
  2. https://cert.gov.ua/article/4697016

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
UNC6293
Actor
UAC-0185
Actor
UAC-0050
Actor
UAC-0226
Actor
UAC-0219
Actor
UAC-0102
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.