UAC-0099UAC-0099

Also known as: UAC-0099

Known aliases
1

Profile

UAC-0099 is a threat actor that has been active since at least May 2023, targeting Ukrainian entities. They have been observed using a known WinRAR vulnerability to carry out attacks, indicating a level of sophistication. The actor relies on PowerShell and the creation of scheduled tasks to execute malicious VBS files for initial infection. Monitoring and limiting the functionality of these components can help mitigate the risk of UAC-0099 attacks.

Aliases· 1

UAC-0099

References

  1. https://cert.gov.ua/article/4818341
  2. https://www.deepinstinct.com/blog/threat-actor-uac-0099-continues-to-target-ukraine

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
UAC-0050
Actor
UAC-0194
Actor
UAC-0219
Actor
UAC-0102
Actor
UAC-0245
Actor
UAC-0063
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.