UAC-0165

Malware Profile Updated 2 months ago
UAC-0165 is malware reportedly linked to the Russia-affiliated Advanced Persistent Threat (APT) group known as Sandworm. This malicious software, designed to infiltrate and damage computer systems, has been identified as the tool used in a series of cyberattacks on Ukrainian telecommunications service providers. These attacks occurred between May and September 2023, with Sandworm successfully compromising eleven different providers during this period.

Ukraine's Computer Emergency Response Team (CERT-UA) was instrumental in identifying the threat actor behind these attacks. After thorough investigation, CERT-UA attributed the cyberattacks to the Sandworm group (UAC-0165), which is believed to be one of Russia's military cyber units. This conclusion was based on the distinctive tactics, techniques, and procedures employed by the attackers, along with the specific characteristics of the UAC-0165 malware.

These incidents have highlighted the significant cybersecurity threats facing telecommunications service providers, particularly those operating in geopolitical hotspots like Ukraine. The successful compromise of eleven providers over a span of just five months underscores the sophistication and persistence of groups like Sandworm. Moving forward, it will be crucial for organizations in this sector to bolster their defensive measures, continually monitor for signs of intrusion, and collaborate closely with entities like CERT-UA to respond effectively to such threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Sandworm | 2 | Sandworm, a threat actor linked to Russia, has been identified as a significant cybersecurity risk. Known for its sophisticated and malicious activities, Sandworm has notably compromised 11 Ukrainian telecommunications providers, disrupting services and posing a substantial threat to the digital inf |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ukraine
APT
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the UAC-0165 malware was read from the documents listed below.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | 9 months ago | Cyber Security Week in Review: October 20, 2023 |
| CERT-EU | a year ago | Cyber security week in review: May 5, 2023 |
| CERT-EU | 9 months ago | IT Army of Ukraine disrupted internet providers in territories occupied by Russia |
| Securityaffairs | 9 months ago | Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers |