UAC-0185
MISP
Type:
Unknown
Unknown
Country:
Unknown
Unknown
First seen:
Unknown
Unknown
Details:
UAC-0185 has been active since at least 2022, primarily targeting Ukrainian defense organizations through credential theft via messaging apps like Signal, Telegram, and WhatsApp, as well as military systems such as DELTA, TENETA, and Kropyva. The group employs phishing attacks, often impersonating the Ukrainian Union of Industrialists and Entrepreneurs (UUIE), to gain unauthorized access to the PCs of defense sector employees. They utilize custom tools, including MESHAGENT and UltraVNC, to facilitate their operations. Their activities are mapped to MITRE ATT&CK, focusing on tactics related to credential theft and remote access.
References (1)
Aliases (110)
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
UNC4221
Metadata
| ID: | 793 |
| Created: | 13/01/2026 17:48 |
| Updated: | 09/03/2026 16:00 |