UAC-0194

Also known as: UAC-0194

Origin: RU
Known aliases: 1

Profile

UAC-0194 is a Russian threat actor linked to the exploitation of the Windows zero-day CVE-2024-43451, which was used in attacks against Ukrainian organizations. The group delivered phishing emails containing .url files that, when interacted with, exploited the vulnerability to facilitate the installation of additional payloads, including the SparkRAT trojan. They also exploited the Server Message Block (SMB) protocol for NTLM hash exfiltration. CERT-UA has associated UAC-0194's activities with social engineering tactics used to convince victims to execute malicious files.

Aliases · 1

UAC-0194

References

  1. https://www.clearskysec.com/0d-vulnerability-exploited-in-the_wild/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: UAC-0094
Actor: UAC-0154
Actor: UAC-0102
Actor: UAC-0241
Actor: UAC-0099
Actor: UAC-0215

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.