Securityaffairs


CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army

  • The Computer Emergency Response Team of Ukraine (CERT-UA) warns that the threat actor UAC-0125 abuses Cloudflare Workers services to target the Ukrainian army with malware.
  • The threat actor UAC-0125 exploits Cloudflare Workers to spread malware disguised as Army+, the mobile app from Ukraine's Ministry of Defence.
  • Visitors to the malicious websites are prompted to download an executable file, which triggers a decoy file and a PowerShell script that sets up covert SSH access for attackers via Tor.
  • The UAC-0125 activity is linked to the UAC-0002 cluster (Sandworm/APT44), and previous attacks used trojanized Microsoft Office files for deeper intrusions.
