UAC-0102UAC-0102

Also known as: UAC-0102

Known aliases
1

Profile

UAC-0102 is a threat actor group targeting UKR.NET users through phishing attacks. They distribute emails with HTML file attachments that redirect users to a fraudulent website to steal authentication data. Security teams can use Sigma rules to detect their phishing campaigns and leverage IOCs provided by CERT-UA to hunt for their activity in SIEM or EDR environments.

Aliases· 1

UAC-0102

References

  1. https://socprime.com/blog/uac-0102-phishing-attack-detection-hackers-steal-authentication-data-impersonating-the-ukr-net-web-service/
  2. https://cert.gov.ua/article/4928679

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
UAC-0215
Actor
UAC-0185
Actor
UAC-0239
Actor
UTA0352
Actor
UAC-0006
Actor
UAC-0094
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.