UAC-0056

Threat Actor Profile Updated 3 months ago
The Russia-sponsored threat actor group Nodaria (UAC-0056) has been identified as using a new information-stealing malware called Graphiron against targets in Ukraine since October 2022. The malware is used to steal sensitive data from compromised websites, including Google AdSense accounts, through tactics such as typosquatting, malicious redirects, and pseudo-short URL domains. Organizations in Ukraine are one of the primary targets of Nodaria's attacks. The group uses DDoS-Guard and other tactics to remain undetected while stealing information. The introduction of the Graphiron malware marks a new phase in Nodaria's operations, which previously relied on simpler infostealers to achieve their goals. This development highlights the ever-evolving threat landscape that organizations face and the need for robust cybersecurity measures to protect against attacks by state-sponsored threat actors like Nodaria (UAC-0056). As always, organizations are encouraged to keep their software up to date, maintain strict access controls, and regularly train employees on how to recognize and respond to potential security threats.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
DDoS
Fraud
WordPress
Infostealer
Malware
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the UAC-0056 Threat Actor was read from the documents corpus below.
Source | Created At | Title
CERT-EU | a year ago | Cyber security week in review: February, 10
CERT-EU | a year ago | Anomali Cyber Watch: Hospital Ransoms Pay for Attacks on Defense, Nodaria Got Upgraded Go-Based Infostealer, TA866 Moved Screenshot Functionality to Standalone Tool
CERT-EU | a year ago | From Ukraine to All of Europe: Cyber Conflict Reaches a Turning Point – Global Security Mag Online