UAC-0227UAC-0227

Also known as: UAC-0227

Known aliases
1

Profile

UAC-0227 is an APT group that has been active since at least March 2025, targeting local governments, critical infrastructure, and various organizations in the European Union. The group employs phishing campaigns that utilize SVG file attachments to distribute stealers like Amatera Stealer and Strela Stealer. Their tactics include leveraging ClickFix-style methods to implement their threats.

Aliases· 1

UAC-0227

References

  1. https://cip.gov.ua/ua/news/novi-kiberzagrozi-kogo-i-yak-atakuyut-vorozhi-ugrupovannya
  2. https://securityaffairs.com/183222/apt/ukraine-sees-surge-in-ai-powered-cyberattacks-by-russia-linked-threat-actors.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
UAC-0226
Actor
UAC-0215
Actor
UAC-0219
Actor
UAC-0239
Actor
APT-C-27
Actor
APT27
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.