
Targeted activity UAC-0212 against developers and suppliers of automation and process control solutions

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

In 2024-2025, UAC-0212, a subcluster of UAC-0002 (Sandworm), launched targeted cyberattacks against Ukrainian critical infrastructure and related industries. The actor employed new tactics, exploiting CVE-2024-38213 to deliver malware through PDF documents. Tools like SECONDBEST, EMPIREPAST, SPARK, and CROOKBAG were utilized. The campaign expanded to target logistics companies, grain equipment manufacturers, and automated control system developers in Ukraine, Serbia, and the Czech Republic. The attacks aimed to compromise industrial control systems in vital sectors such as energy, water, and heat supply. The threat actor's sophisticated approach involved initial social engineering, followed by rapid lateral movement within compromised networks.

OPENCTI LABELS:

supply chain, sandworm, cve-2024-38213, crookbag

