The Russia-sponsored threat actor group Nodaria (UAC-0056) has been identified as using a new information-stealing malware called Graphiron against targets in Ukraine since October 2022. The malware is used to steal sensitive data from compromised websites, including Google AdSense accounts, through tactics such as typosquatting, malicious redirects, and pseudo-short URL domains.
Organizations in Ukraine are one of the primary targets of Nodaria's attacks. The group uses DDoS-Guard and other tactics to remain undetected while stealing information. The introduction of the Graphiron malware marks a new phase in Nodaria's operations, which previously relied on simpler infostealers.
This development highlights the ever-evolving threat landscape that organizations face and the need for robust cybersecurity measures to protect against attacks by state-sponsored threat actors like Nodaria (UAC-0056). As always, organizations are encouraged to keep their software up to date, maintain strict access controls, and regularly train employees on how to recognize and respond to potential security threats.
Description last updated: 2023-06-13T18:16:47.723Z