Russia-nexus threat operation UAC-0550, also known as DaVinci Group and Mercenary Akula, has targeted a European financial organization supporting Ukraine in a social engineering attack that signals the group's expansion of intrusions beyond Ukraine, The Hacker News reports.

UAC-0550 leveraged a fake Ukrainian judicial domain to deliver a legal-themed phishing email luring recipients into downloading a ZIP file from the PixelDrain file-sharing service, an analysis from BlueVoyant revealed. Included within the ZIP file is a RAR archive with a password-protected 7-Zip file, which launches an MSI installer for the Russian remote desktop software Remote Manipulator System upon execution.

"The use of such 'living-off-the-land' tools provides attackers with persistent, stealthy access while often evading traditional antivirus detection," said BlueVoyant researchers.

Such findings come as Ukrainian officials noted that Russian threat actors have been using cyberattacks against Ukraine's power grid to guide missile strikes. Another report from CrowdStrike stated that Russia-linked hackers could further intensify intelligence operations against Ukraine and NATO member states this year.




