Uac-0165

Malware updated 7 months ago (2024-05-04T18:22:37.737Z)
UAC-0165 is malware reportedly linked to the Russia-affiliated Advanced Persistent Threat (APT) group known as Sandworm. This malicious software, designed to infiltrate and damage computer systems, has been identified as the tool used in a series of cyberattacks on Ukrainian telecommunications service providers. These attacks occurred between May and September 2023, with Sandworm successfully compromising eleven different providers during this period.

Ukraine's Computer Emergency Response Team (CERT-UA) was instrumental in identifying the threat actor behind these attacks. After thorough investigation, CERT-UA attributed the cyberattacks to the Sandworm group (UAC-0165), which is believed to be one of Russia's military cyber units. This conclusion was based on the distinctive tactics, techniques, and procedures employed by the attackers, along with the specific characteristics of the UAC-0165 malware.

These incidents have highlighted the significant cybersecurity threats facing telecommunications service providers, particularly those operating in geopolitical hotspots like Ukraine. The successful compromise of eleven providers over a span of just five months underscores the sophistication and persistence of groups like Sandworm. Moving forward, it will be crucial for organizations in this sector to bolster their defensive measures, continually monitor for signs of intrusion, and collaborate closely with entities like CERT-UA to respond effectively to such threats.
Description last updated: 2024-05-04T17:46:43.405Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias: Sandworm
Description: Sandworm is a possible alias for Uac-0165. Sandworm, a threat actor linked to Russia, has been identified as the primary cyber attack unit supporting Russian military activities in Ukraine. This group is notorious for its sophisticated and disruptive cyber attacks, including the compromise of 11 Ukrainian telecommunications providers which c
Votes: 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ukraine
Apt
Source Document References
Information about the Uac-0165 Malware was read from the documents corpus below.