Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries

The Hacker News by The Hacker News
February 26, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Feb 26, 2025Ravie LakshmananNetwork Security / Threat Intelligence

The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday warned of renewed activity from an organized criminal group it tracks as UAC-0173 that involves infecting computers with a remote access trojan named DCRat (aka DarkCrystal RAT).

The Ukrainian cybersecurity authority said it observed the latest attack wave starting in mid-January 2025. The activity is designed to target the Notary of Ukraine.

The infection chain leverages phishing emails that claim to be sent on behalf of the Ministry of Justice of Ukraine, urging recipients to download an executable, which, when launched, leads to the deployment of the DCRat malware. The binary is hosted in Cloudflare’s R2 cloud storage service.

Cybersecurity

“Having thus provided primary access to the notary’s automated workplace, the attackers take measures to install additional tools, in particular, RDPWRAPPER, which implements the functionality of parallel RDP sessions, which, in combination with the use of the BORE utility, allows you to establish RDP connections from the Internet directly to the computer,” CERT-UA said.

The attacks are also characterized by the use of other tools and malware families like FIDDLER for intercepting authentication data entered in the web interface of state registers, NMAP for network scanning, and XWorm for stealing sensitive data, such as credentials and clipboard content.

Furthermore, the compromised systems are used as a conduit to draft and send malicious emails using the SENDMAIL console utility in order to further propagate the attacks.

The development comes days after CERT-UA attributed a sub-cluster within the Sandworm hacking group (aka APT44, Seashell Blizzard, and UAC-0002) to the exploitation of a now-patched security flaw in Microsoft Windows (CVE-2024-38213, CVSS score: 6.5) in the second half of 2024 via booby-trapped documents.

The attack chains have been found to execute PowerShell commands responsible for displaying a decoy file, while simultaneously launching additional payloads in the background, including SECONDBEST (aka EMPIREPAST), SPARK, and a Golang loader named CROOKBAG.

Cybersecurity

The activity, attributed to UAC-0212, targeted supplier companies from Serbia, the Czech Republic, and Ukraine between July 2024 and February 2025, with some of them recorded against more than two dozen Ukrainian enterprises specializing in development of automated process control systems (ACST), electrical works, and freight transportation.

Some of these attacks have been documented by StrikeReady Labs and Microsoft, the latter of which is tracking the threat group under the moniker BadPilot.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Three Password Cracking Techniques and How to Defend Against Them

Three Password Cracking Techniques and How to Defend Against Them

Recommended.

Asuene crée Asuene Europe Limited à Londres, Royaume-Uni

Asuene crée Asuene Europe Limited à Londres, Royaume-Uni

April 8, 2025
Scottish police fail to record ethnicity in DNA database | Computer Weekly

Scottish police fail to record ethnicity in DNA database | Computer Weekly

February 26, 2025

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

April 21, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio