Ukrainian cybersecurity authorities warn of UAC-0099's ongoing cyber attacks targeting government and defense organizations using sophisticated spear-phishing and malware delivery techniques. The threat actor employs a range of malicious tools, such as MATCHBOIL, MATCHWOK, and DRAGSTARE, to maintain persistence, collect data, and compromise systems.
#UAC-0099 #MATCHBOIL #MATCHWOK #DRAGSTARE #cyberespionage
Key points
- UAC-0099 continues targeting Ukrainian government and defense entities with advanced spear-phishing campaigns.
- The attack chain involves malicious email lures with HTML Application files that deploy various malware families.
- Malware such as MATCHBOIL drops backdoors and stealers like MATCHWOK and DRAGSTARE to facilitate persistence and data exfiltration.
- The threat actor uses obfuscation techniques, fast-flux DNS, and third-party services to hide command-and-control infrastructure.
- Similar threat activities and tools are also associated with Gamaredon, which has intensified spear-phishing efforts in 2024.
Read More: https://thehackernews.com/2025/08/cert-ua-warns-of-hta-delivered-c.html