The Computer Emergency Response Team of Ukraine (CERT-UA) has reported recent cyberattacks by the organized crime group UAC-0173, which targets the Notary of Ukraine with the DCRat (DarkCrystal RAT) malware. In the campaign, which began in mid-January 2025, the attackers use phishing emails masquerading as official communications from the Ministry of Justice, prompting recipients to download malware. The infection enables further exploitation and the use of tools like RDPWRAPPER for remote access. Other tools and malware include FIDDLER for data interception and NMAP for network scanning, illustrating a sophisticated approach in the continuing cyber threats against Ukrainian institutions.
Having thus provided primary access to the notary's automated workplace, the attackers take measures to install additional tools, in particular, RDPWRAPPER, which implements the functionality of parallel RDP sessions.
The attacks are also characterized by the use of other tools and malware families like FIDDLER for intercepting authentication data entered in the web interface of state registers.