CERT-UA has identified a hacking group, UAC-0173, conducting phishing attacks against Ukrainian notaries in which the attackers impersonate the Ministry of Justice.
SOC Prime Platform offers Sigma rules to help organizations prevent the UAC-0173 attacks detailed in the CERT-UA#13738 alert.
Organizations can use the 'UAC-0173' tag on SOC Prime Platform to access more detection content related to this threat.
The group uses DARKCRYSTALRAT (DCRAT) malware to gain remote access, make unauthorized changes to state registries, and evade detection.
Attackers deploy tools like RDPWRAPPER to establish RDP connections and use evasion utilities like NMAP, FIDDLER, and XWORM for credential theft.
CERT-UA implemented cybersecurity measures to identify infected computers and thwart unauthorized notarial actions by UAC-0173.
MITRE ATT&CK context analysis provides insights into the UAC-0173 operation targeting Ukrainian notaries with DARKCRYSTAL malware.
Sigma rules address multiple ATT&CK tactics leveraged by UAC-0173, including PowerShell execution, defense evasion, and system binary proxy execution.
By leveraging SOC Prime's Platform, organizations can enhance their cyber defense capabilities against sophisticated hacking groups like UAC-0173.
The ongoing threat highlights the importance of proactive cybersecurity measures to mitigate risks and protect critical infrastructure from cyber attacks.