WinRAR Flaw: LONEPAGE Malware Strikes Ukrainian Firms

Recent developments reveal a persistent threat facing Ukrainian entities. In mid-2023, the Ukrainian CERT issued advisory #6710, unmasking a threat actor identified as “UAC-0099.” The advisory succinctly outlined the actor’s activities and arsenal of tools. In this blog post, we look at the details of the threat posed by LONEPAGE malware, the tactics behind it, and the evolving landscape of targeted attacks against Ukrainian firms.

LONEPAGE Malware: UAC-0099’s Continued Assault on Ukraine

Since the publication of CERT-UA’s advisory, Deep Instinct has uncovered fresh malware attacks orchestrated by UAC-0099, specifically targeting Ukrainian entities. Notably, UAC-0099 employs a cunning strategy, deploying fabricated court summons to lure unsuspecting targets in Ukraine into executing malicious files. Cybersecurity for Ukrainian firms is a top priority in the ever-evolving digital landscape, necessitating robust strategies to mitigate risks and fortify defenses against emerging cyber threats.

UAC-0099 and WinRAR Exploits

UAC-0099 has been implicated in a series of assaults against Ukraine, leveraging a critical flaw in WinRAR software to propagate the LONEPAGE malware. According to cybersecurity firm Deep Instinct, this threat actor has set its sights on Ukrainian employees affiliated with international companies.

In a detailed analysis, Deep Instinct revealed that UAC-0099’s attack vectors encompass phishing messages carrying HTA, RAR, and LNK file attachments. When opened, these attachments trigger the deployment of LONEPAGE, a Visual Basic Script (VBS) malware. LONEPAGE communicates with a command-and-control (C2) server and fetches additional payloads such as keyloggers, stealers, and screenshot-capture malware.
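The delivery chain above (HTA/RAR/LNK lures, a VBS payload, WinRAR as the trigger) suggests two cheap checks a defender can run over their own telemetry. The script below is an added example written for this post; it is not code from Deep Instinct or from the original article. It assumes process-creation events as JSON lines with `ParentImage`, `Image` and `CommandLine` fields (loosely modelled on Sysmon-style naming, an assumption), and the sample events are constructed here. The mail-client parent rule is likewise an assumption added to cover the HTA-attachment case; only the attachment types, the VBS payload and the WinRAR trigger come from the post.

```python
"""Triage heuristics for the UAC-0099 delivery chain (added example).

1. attachment triage: flag mail attachments whose extension is one of the
   file types the post names (HTA, RAR, LNK), including double extensions
   such as 'summons.pdf.hta';
2. process-lineage check: flag a Windows script host (VBS runs under
   wscript/cscript, HTA content under mshta) whose parent is the archiver
   or the mail client.
"""
import json
from pathlib import PureWindowsPath

# Attachment types the post names as UAC-0099's lures.
SUSPECT_ATTACHMENT_EXTS = {".hta", ".rar", ".lnk"}

# Interpreters for the script-based payloads described in the post.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}

# Parent processes from which a script host spawning deserves an alert.
# The mail-client entry is an assumption added for the HTA-attachment case.
SUSPECT_PARENTS = {
    "winrar.exe": "script host spawned by WinRAR (archive-triggered script)",
    "outlook.exe": "script host spawned by mail client (attachment opened)",
}


def _basename(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return PureWindowsPath(path).name.lower()


def suspicious_attachments(names):
    """Return the attachment names whose final extension is on the watch list."""
    return [n for n in names
            if PureWindowsPath(n).suffix.lower() in SUSPECT_ATTACHMENT_EXTS]


def classify_event(event):
    """Return an alert reason for one process-creation event, or None."""
    parent = _basename(event.get("ParentImage", ""))
    child = _basename(event.get("Image", ""))
    if child in SCRIPT_HOSTS and parent in SUSPECT_PARENTS:
        return SUSPECT_PARENTS[parent]
    return None


def flag_events(lines):
    """Run classify_event over JSON lines; malformed lines are skipped."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # do not let one bad record abort the whole sweep
        reason = classify_event(event)
        if reason:
            alerts.append({"reason": reason,
                           "image": event.get("Image"),
                           "cmd": event.get("CommandLine")})
    return alerts


# Constructed sample telemetry: one archive-triggered VBS launch, one benign
# WinRAR start, one HTA opened from the mail client, one garbage line.
SAMPLE_EVENTS = r"""
{"ParentImage": "C:\\Program Files\\WinRAR\\WinRAR.exe", "Image": "C:\\Windows\\System32\\wscript.exe", "CommandLine": "wscript.exe C:\\Users\\u\\AppData\\Local\\Temp\\summons.vbs"}
{"ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Program Files\\WinRAR\\WinRAR.exe", "CommandLine": "WinRAR.exe summons.rar"}
{"ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "Image": "C:\\Windows\\System32\\mshta.exe", "CommandLine": "mshta.exe C:\\Users\\u\\AppData\\Local\\Temp\\court_summons.hta"}
not json at all
"""

if __name__ == "__main__":
    for alert in flag_events(SAMPLE_EVENTS.splitlines()):
        print(f"ALERT: {alert['reason']}: {alert['cmd']}")
    print(suspicious_attachments(["summons.pdf.hta", "court.rar", "notes.txt"]))
```

The lineage rule will also fire on legitimate scripts that a user unpacks and runs from an archive, so treat its output as triage input to be joined with the attachment check and the command-line path, not as a verdict on its own.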

A Timeline of Intr ..
