Introduction
UAC-0219 is a hacking group observed conducting cyber-espionage operations targeting Ukrainian critical sectors, primarily utilising WRECKSTEEL malware for file exfiltration in both VBScript and PowerShell variants. Their activities focus on gathering intelligence from military innovation hubs, armed forces, law enforcement, and regional government institutions. CERT-UA has linked multiple cyber-attacks against government agencies and critical infrastructure in Ukraine to UAC-0219, emphasizing their reliance on specialized malware for sensitive information theft. The group's operations are characterized by stealthy access and data exfiltration tactics, consistent with state-sponsored APT behavior.
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- Hacking Team UEFI Rootkit
- PowerDuke
- POWERSTATS
- Power Loader
- POWERSOURCE
- CyberGate
- Cyber Eye RAT
- Nova
- PowerRAT
Attribution and Evidence
Information pending cataloguing.
References
References pending cataloguing.