UAC-0094

Also known as: UAC-0094

State Service of Special Communication and Information Protection of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts. The Ukrainian CERT attributes the hacking campaign to threat actors tracked as UAC-0094. Threat actors are targeting Telegram users by sending Telegram messages with malicious links to the Telegram website in order to gain unauthorized access to the records and transfer a one-time code from SMS.

🌍 Country Russia

Introduction

State Service of Special Communication and Information Protection of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts. The Ukrainian CERT attributes the hacking campaign to threat actors tracked as UAC-0094. Threat actors are targeting Telegram users by sending Telegram messages with malicious links to the Telegram website in order to gain unauthorized access to the records and transfer a one-time code from SMS.

Activities and Tactics

Country of Origin: πŸ‡·πŸ‡Ί Russia

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Hacking Team UEFI Rootkit
  • CyberGate
  • Cyber Eye RAT

Attribution and Evidence

Country of Origin: Russia Additional attribution information pending cataloguing.

References

References pending cataloguing.