UAC-0099 is a threat actor group that targets Ukrainian defense and government entities through spear-phishing and malware deployment. Its evolving tooling combines a loader, a backdoor, and a data stealer to conduct espionage and exfiltrate data. #UAC0099 #MATCHBOIL #MATCHWOK #DRAGSTARE
Key points
- UAC-0099 primarily targets Ukrainian defense and government sectors with spear-phishing emails.
- The group uses malicious HTA files for initial execution and scheduled tasks to keep its malware persistent.
- Their malware tools include the MATCHBOIL loader, the MATCHWOK backdoor, and the DRAGSTARE stealer.
- Technical components include system fingerprinting, encrypted C2 communication, and archiving of stolen data before exfiltration.
- Indicators of compromise include malicious files, registry keys, scheduled tasks, and specific network IOCs.
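The HTA-plus-scheduled-task combination above is something a defender can hunt for directly in exported task definitions. The script below is an added example written for this summary, not code from the article or from any vendor: it parses Windows Task Scheduler XML (the real `schemas.microsoft.com/windows/2004/02/mit/task` namespace) and flags tasks whose action runs `mshta` or an `.hta` file, noting whether a logon or boot trigger makes the task persistent. The three task definitions embedded in it are constructed samples, not artifacts from the campaign.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Windows Task Scheduler task definitions (documented, not invented).
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Action patterns that indicate HTA-based execution: the mshta host itself,
# or an .hta file / script-protocol URI passed as the payload.
MSHTA_COMMAND = re.compile(r"(?:^|[\\/])mshta(?:\.exe)?$", re.IGNORECASE)
HTA_ARGUMENTS = re.compile(r"\.hta\b|javascript:|vbscript:", re.IGNORECASE)

# Constructed sample task definitions (hypothetical names and paths, for illustration only).
SAMPLE_TASKS = {
    "Disk Cleanup": r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger><StartBoundary>2024-01-01T03:00:00</StartBoundary></CalendarTrigger></Triggers>
  <Actions><Exec><Command>C:\Windows\System32\cleanmgr.exe</Command><Arguments>/autoclean</Arguments></Exec></Actions>
</Task>""",
    "OneDrive Update": r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions><Exec><Command>mshta.exe</Command><Arguments>C:\Users\Public\Music\notes.hta</Arguments></Exec></Actions>
</Task>""",
    "Invoice Reminder": r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger><StartBoundary>2024-01-01T09:00:00</StartBoundary></TimeTrigger></Triggers>
  <Actions><Exec><Command>C:\Users\Public\invoice.hta</Command></Exec></Actions>
</Task>""",
}


def inspect_task(task_name, task_xml):
    """Return one finding per Exec action that launches mshta or an .hta file."""
    root = ET.fromstring(task_xml)
    # Logon/boot triggers are what make a task a persistence mechanism rather than a one-off.
    persistent = (
        root.find(".//t:Triggers/t:LogonTrigger", TASK_NS) is not None
        or root.find(".//t:Triggers/t:BootTrigger", TASK_NS) is not None
    )
    findings = []
    for exec_el in root.findall(".//t:Actions/t:Exec", TASK_NS):
        cmd = (exec_el.findtext("t:Command", default="", namespaces=TASK_NS) or "").strip().strip('"')
        args = (exec_el.findtext("t:Arguments", default="", namespaces=TASK_NS) or "").strip()
        reasons = []
        if MSHTA_COMMAND.search(cmd):
            reasons.append("command is mshta")
        if cmd.lower().endswith(".hta"):
            reasons.append("command is an .hta file")
        if HTA_ARGUMENTS.search(args):
            reasons.append("arguments reference an .hta file or script protocol")
        if reasons:
            findings.append({
                "task": task_name,
                "command": cmd,
                "arguments": args,
                "reasons": reasons,
                "persistent": persistent,
            })
    return findings


def scan_tasks(tasks):
    """Scan a {task_name: task_xml} mapping and collect all HTA-related findings."""
    results = []
    for name, xml_text in tasks.items():
        results.extend(inspect_task(name, xml_text))
    return results


if __name__ == "__main__":
    for finding in scan_tasks(SAMPLE_TASKS):
        tag = "PERSISTENT" if finding["persistent"] else "one-off"
        print(f"[{tag}] {finding['task']}: {finding['command']} {finding['arguments']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

On a live host the same function can be fed the XML files under `C:\Windows\System32\Tasks` or the output of `schtasks /query /xml`; flagging on the action rather than on the task name is the point, since the task names in a real intrusion are chosen to look benign.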
Read More: https://gbhackers.com/uac-0099-hackers-weaponize-hta-files/