Cyber Serp

Also known as: UAC-0255, Cyber Serp

UAC-0255 is a threat actor that conducted a phishing campaign impersonating CERT-UA to distribute the AGEWHEEZE RAT, targeting organizations in Ukraine’s public and private sectors. The campaign is part of a broader trend of using trusted identities to enhance victim engagement, as seen in previous activities like UAC-0190 and UAC-0252. CERT-UA identified UAC-0255 after discovering links to the CyberSerp Telegram channel, which claimed responsibility for the attack. The activity is documented under the identifier CERT-UA#21075, with detection rules available for cybersecurity analysts.

🌍 Country Russia

Introduction

UAC-0255 is a threat actor that conducted a phishing campaign impersonating CERT-UA to distribute the AGEWHEEZE RAT, targeting organizations in Ukraine’s public and private sectors. The campaign is part of a broader trend of using trusted identities to enhance victim engagement, as seen in previous activities like UAC-0190 and UAC-0252. CERT-UA identified UAC-0255 after discovering links to the CyberSerp Telegram channel, which claimed responsibility for the attack. The activity is documented under the identifier CERT-UA#21075, with detection rules available for cybersecurity analysts.

Activities and Tactics

Country of Origin: πŸ‡·πŸ‡Ί Russia

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • CyberGate
  • Cyber Eye RAT

Attribution and Evidence

Country of Origin: Russia Additional attribution information pending cataloguing.

References

References pending cataloguing.