UAC-0185

MISP
Type:
Unknown
Country:
Unknown
First activity:
Unknown
Details:

UAC-0185 has been active since at least 2022, primarily targeting Ukrainian defense organizations through credential theft via messaging apps like Signal, Telegram, and WhatsApp, as well as military systems such as DELTA, TENETA, and Kropyva. The group employs phishing attacks, often impersonating the Ukrainian Union of Industrialists and Entrepreneurs (UUIE), to gain unauthorized access to the PCs of defense sector employees. They utilize custom tools, including MESHAGENT and UltraVNC, to facilitate their operations. Their activities are mapped to MITRE ATT&CK, focusing on tactics related to credential theft and remote access.

References (1)
Aliases (110)
UNC4221
Metadata
ID: 793
Created: 13/01/2026 17:48
Updated: 09/03/2026 16:00