UAC-0184, a Russia-aligned threat group, targets Ukrainian military and government entities using Viber and other messaging apps to deliver malware. The group employs sophisticated techniques like DLL side-loading and memory injection to evade detection and deploy Remcos RAT for espionage and data theft. #UAC-0184 #Remcos #Hive0156 #HijackLoader #CyberEspionage
Key points
- The threat actor uses Viber, Signal, and Telegram to deliver malicious ZIP archives to targets.
- Attack chains involve decoy LNK files disguised as Microsoft Office documents to initiate infections.
- Hijack Loader is deployed covertly through a multi-stage process to bypass security measures.
- The malware scans for security software by calculating CRC32 hashes to evade detection.
- Remcos RAT is then injected into processes to enable remote management, espionage, and data theft.
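A triage check for the delivery stage described above (ZIP archives carrying LNK files dressed up as Office documents), added here as an illustration and not taken from the article or from any vendor tooling. The article does not say how the decoys are named, so the double-extension rule, the extension list and the sample file names are assumptions; the header bytes are the standard Windows Shell Link signature.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
# Assumption: document extensions a decoy is likely to imitate.
OFFICE_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".rtf", ".pdf"}

def triage_zip(data: bytes) -> list:
    """Return one finding per archive member that is, or claims to be, a shortcut."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = PurePosixPath(info.filename.replace("\\", "/")).name
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            head = b""
            if not info.flag_bits & 0x1:  # encrypted members cannot be read without a password
                with zf.open(info) as fh:
                    head = fh.read(len(LNK_MAGIC))
            reasons = []
            if suffixes and suffixes[-1] == ".lnk":
                reasons.append("lnk-extension")
            if head == LNK_MAGIC:
                reasons.append("lnk-header")  # content check catches renamed shortcuts
            # Explorer hides ".lnk", so "x.docx.lnk" is displayed as "x.docx".
            if "lnk-extension" in reasons and len(suffixes) >= 2 and suffixes[-2] in OFFICE_EXTS:
                reasons.append("office-double-extension")
            if reasons:
                findings.append({"name": name, "reasons": reasons})
    return findings

def build_sample() -> bytes:
    """Constructed archive for the demo; no real sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/Order_2026.docx.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("docs/readme.txt", b"plain text")
        zf.writestr("docs/notes.docx", LNK_MAGIC + b"\x00" * 56)
    return buf.getvalue()

if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding["name"], ",".join(finding["reasons"]))
```

A mail or messaging gateway hook can quarantine any archive with a non-empty result; a member that has the header but not the extension is worth escalating on its own.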
Read More: https://thehackernews.com/2026/01/russia-aligned-hackers-abuse-viber-to.html