Date: 2025-08-07
Malware, Threat Intelligence, Critical Infrastructure Security

UAC-0099 phishing attacks targeting Ukraine’s defense sectors

According to Security Affairs, Ukraine's Computer Emergency Response Team (CERT-UA) has warned of phishing attacks by threat actor UAC-0099 against the country's government and defense sectors. CERT-UA discovered a series of attacks aimed at state authorities, the Defense Forces, and defense-industrial enterprises in Ukraine.

The attacks start with phishing emails disguised as "court summons" and sent via UKR.NET. The emails contain links to legitimate file services that host a double archive with an HTA file inside. Opening the HTA file initiates a series of events that result in the deployment of malware such as MATCHBOIL, MATCHWOK, and DRAGSTARE, demonstrating the threat actors' evolving tactics and persistence.

The sophisticated tactics used by UAC-0099 underscore the ongoing cybersecurity threats facing Ukraine's critical sectors, and the use of malware such as MATCHBOIL, MATCHWOK, and DRAGSTARE emphasizes the need for improved cybersecurity measures and vigilance within the defense industry. The incident stresses the importance of continuous monitoring, threat intelligence sharing, and robust defense mechanisms to reduce the risks posed by advanced threat actors like UAC-0099.

Source: Security Affairs
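The delivery chain in this report places an HTA file behind two archive layers. The following added example (not code from CERT-UA or Security Affairs) is a gateway-style check that walks nested archives and reports such files with their nesting depth. ZIP as the archive format, the function names, and the depth and size limits are assumptions, and the sample archive is constructed in memory.

```python
import io
import zipfile
import zlib

RISKY_EXT = (".hta",)            # .hta is the file type named in the report
MAX_DEPTH = 3                    # assumed limit; stops nested-archive bombs
MAX_MEMBER_BYTES = 20 * 2**20    # assumed limit; larger members are skipped


def find_risky_members(data, depth=0, prefix=""):
    """Walk a ZIP (and ZIPs inside it); return [(path, archive_layers)]."""
    hits = []
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            path = prefix + info.filename
            if info.filename.lower().endswith(RISKY_EXT):
                hits.append((path, depth + 1))
                continue
            try:
                inner = zf.read(info)
            except (RuntimeError, NotImplementedError,
                    zipfile.BadZipFile, zlib.error):
                continue  # encrypted, unsupported or corrupt member
            hits.extend(find_risky_members(inner, depth + 1, path + "!/"))
    return hits


def is_double_archived(hits):
    """True when a risky file sits behind two or more archive layers."""
    return any(layers >= 2 for _, layers in hits)


def build_sample():
    """Constructed sample: outer ZIP -> inner ZIP -> placeholder .hta."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("summons.hta", "<html><body>placeholder</body></html>")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("summons.zip", inner.getvalue())
        zf.writestr("readme.txt", "constructed test data")
    return outer.getvalue()


if __name__ == "__main__":
    found = find_risky_members(build_sample())
    print(found, "double-archived:", is_double_archived(found))
```

Members that are encrypted or fail to decompress are skipped here; a production filter would normally quarantine those rather than pass them.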

