Uac-0165

Malware updated 6 months ago (2024-05-04T18:22:37.737Z)
UAC-0165 is a malware reportedly linked to the Russia-affiliated Advanced Persistent Threat (APT) group known as Sandworm. This malicious software, designed to infiltrate and damage computer systems, has been identified as the tool used in a series of cyberattacks on Ukrainian telecommunications service providers. These attacks occurred between May and September 2023, with Sandworm successfully compromising eleven different providers during this period.

Ukraine's Computer Emergency Response Team (CERT-UA) was instrumental in identifying the threat actor behind these attacks. After thorough investigation, CERT-UA attributed the cyberattacks to the Sandworm group (UAC-0165), which is believed to be one of Russia's military cyber units. This conclusion was based on the distinctive tactics, techniques, and procedures employed by the attackers, along with the specific characteristics of the UAC-0165 malware.

These incidents have highlighted the significant cybersecurity threats facing telecommunications service providers, particularly those operating in geopolitical hotspots like Ukraine. The successful compromise of eleven providers over a span of just five months underscores the sophistication and persistence of groups like Sandworm. Moving forward, it will be crucial for organizations in this sector to bolster their defensive measures, continually monitor for signs of intrusion, and collaborate closely with entities like CERT-UA to respond effectively to such threats.
Description last updated: 2024-05-04T17:46:43.405Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias: Sandworm
Description: Sandworm is a possible alias for Uac-0165. Sandworm, also known as APT44, is a Russia-linked threat actor that has been implicated in several major cyberattacks. This group has been particularly active against targets in Ukraine and Poland, with significant operations including the compromise of 11 Ukrainian telecommunications providers, whi
Votes: 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ukraine
Apt
Source Document References
Information about the Uac-0165 Malware was read from the documents corpus below.