This post is also available in:
עברית (Hebrew)
A new series of phishing attacks has been attributed to the hacker group UAC-0185, with the latest targets being Ukrainian defense companies and security forces. According to Ukraine’s cyber defense authorities, the attackers have been using sophisticated tactics, impersonating the Ukrainian League of Industrialists and Entrepreneurs, a legitimate organization, to deceive their victims.
The phishing emails, which were detected by Ukraine’s Computer Emergency Team (CERT-UA), promoted a conference on December 5th in Kyiv, which was ostensibly aimed at aligning Ukrainian defense industry products with NATO standards, according to Ukraine’s State Service for Special Communications and Information Protection (SSSCIP). The emails contained a malicious link titled “Attachment contains important information for your participation.” Once the recipient clicked the link and opened the attached file, the system was infected with malware, granting the attackers access to sensitive data.
UAC-0185 has been active since at least 2022, and known for targeting military and defense-related systems, as well as stealing credentials from messaging platforms such as Signal, Telegram, and WhatsApp. According to Cybernews. UAC-0185 has used in previous operations specialized tools like MeshAgent and UltraVNC to gain unauthorized remote access to defense industry and military systems, enabling the theft of critical information.
The latest phishing campaign is part of a broader effort by the group to infiltrate Ukrainian defense networks, possibly with the aim of extracting intelligence and disrupting military operations. This event highlights the growing cyber threat Ukraine faces amid ongoing conflicts, with national security increasingly dependent on both physical defense measures and cybersecurity.
Although specific details on the identity of the attackers remain scarce, many cyberattacks on Ukraine have been linked to Russian cyber operations. With the continued targeting of defense-related sectors, Ukraine’s cybersecurity authorities are focused on enhancing their defenses and preventing further intrusions.
The evolving tactics of UAC-0185 underscore the increasing importance of cybersecurity in modern warfare, with digital operations playing an integral role in the ongoing conflict.
