Operational summary:
Threat actor: UAC-0050
Alias: DaVinci Group / Mercenary Akula (per BlueVoyant)
Tooling: RMS (Remote Manipulator System)
Delivery: Spear-phishing, spoofed judicial domain, layered archives
TTP alignment consistent with reporting from CERT-UA.

Strategic overlay:
Russia-nexus actors, including APT29, continue high-confidence trust exploitation campaigns, as outlined by CrowdStrike.

Detection priorities:
- Monitor MSI execution anomalies
- Flag double-extension binaries
- Inspect outbound RMS traffic
- Harden executive email authentication

Follow for tactical intelligence briefings.
Comment with detection engineering recommendations.

#Infosec #ThreatIntel #UAC0050 #APT29 #RMS #SpearPhishing #DetectionEngineering #CyberEspionage #SOC #BlueTeam #SecurityOperations
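
One way to act on the "layered archives", "Flag double-extension binaries" and MSI priorities listed above, as an added example that is not part of any post on this page or of any vendor's tooling: a triage scan that walks nested ZIP attachments in memory and reports suspicious entry names. The extension lists, limits, finding labels and sample file names are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed extension lists for illustration; tune them to your environment.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt", "jpg", "png"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk", "msi"}
MAX_DEPTH = 5                        # assumed cap on archive nesting
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap, avoids unpacking huge members

def is_double_extension(name):
    """True when the file name ends in <decoy ext>.<executable ext>."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = [p.strip() for p in base.split(".") if p.strip()]  # drops space padding
    return len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DECOY_EXTS

def scan_archive(data, path="", depth=0):
    """Return (entry path, reason) findings for a ZIP given as bytes, following nested ZIPs."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            full = f"{path}/{info.filename}" if path else info.filename
            if is_double_extension(info.filename):
                findings.append((full, "double-extension"))
            elif info.filename.lower().endswith(".msi"):
                findings.append((full, "msi-in-archive"))
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                findings.append((full, "encrypted-or-oversize"))  # cannot look inside
                continue
            body = zf.read(info)
            if not zipfile.is_zipfile(io.BytesIO(body)):
                continue
            if depth + 1 >= MAX_DEPTH:
                findings.append((full, "nesting-limit"))
            else:
                findings.extend(scan_archive(body, full, depth + 1))
    return findings

def build_sample():
    """Constructed sample: outer ZIP -> inner ZIP -> inert placeholder files."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("court_order.pdf.exe", b"constructed placeholder, not a real binary")
        zf.writestr("setup.msi", b"constructed placeholder, not a real installer")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("documents.zip", inner.getvalue())
    return outer.getvalue()
```

Calling `scan_archive(build_sample())` reports both inner entries with their full nested path, which is the context an analyst needs when the outer attachment name looks harmless.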

Over the past few months, UAC-0050 has wielded the same Trojan in at least three distinct phishing campaigns. Notably, one of these attacks introduced an information-stealing program named Meduza Stealer.

#Cybersecurity #Malware #Stealer #RAT #UAC0050 #Ukraine

https://cybersec84.wordpress.com/2024/01/07/remcos-rat-the-latest-cyberweapon-in-the-arsenal-of-uac-0050/

Remcos RAT: The Latest Cyberweapon in the Arsenal of UAC-0050

The hacking collective identified as UAC-0050 has been actively employing phishing tactics to disseminate the Remcos RAT malware, a tool specializing in remote surveillance and control. Security re…

CyberSec84 | Cybersecurity news.

#UAC0050 launches another tricky #phishing campaign against Ukraine impersonating the email sender as the Security Service of Ukraine and spreading #Remcos #RAT, as #CERTUA reports. Detect attacks with relevant #Sigma rules from SOC Prime Platform.

https://socprime.com/blog/remcos-rat-detection-uac-0050-hackers-launch-phishing-attacks-impersonating-the-security-service-of-ukraine/

Remcos RAT Detection: UAC-0050 Hackers Launch Phishing Attacks Impersonating the Security Service of Ukraine - SOC Prime

Detect UAC-0050 phishing attacks impersonating the Security Service of Ukraine to spread Remcos RAT with Sigma rules from SOC Prime.

SOC Prime