
"Breach Report" from UAC-0099 (CERT-UA#12463)

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

The Ukrainian CERT-UA investigated cyberattacks by UAC-0099 against government organizations during November-December 2024. The attacks involved emails with malicious attachments, including archives that exploit CVE-2023-38831 in WinRAR. The LONEPAGE program, used for command execution, has evolved: it now ships as encrypted files and relies on .NET programs to decrypt and execute them in memory. The group's espionage activity continues to evolve, with changing targets and infrastructure. The attackers use Cloudflare to hide their infrastructure and keep it resilient against takedown. The report emphasizes the importance of implementing proper cyber defense measures to protect state information resources.

OPENCTI LABELS:

powershell, cve-2023-38831, lnk files, cloudflare, winrar, lonepage program
