Uptime Hamster: 15d 6h 35mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza UAC-0149

UAC-0149

0 incidentes 0 paises 0 sectores apt RU Ultimo: -
Aliases: cookbox
Ver en IntelTracker → APTTrail →
UAC-0149, also tracked as FlyingYeti, Storm-1837, and Secret Blizzard, is a Russia-aligned cyber espionage threat group that first emerged in the fall of 2023. This actor's primary motivation is intelligence gathering, specifically targeting Ukrainian defense and government entities. A distinguishing characteristic of UAC-0149 is its consistent deployment of the COOKBOX malware and its adaptability in crafting lures based on current events, such as exploiting the WinRAR vulnerability CVE-2023-38831 or using debt-themed phishing campaigns to target individuals in Ukraine. The group is known for leveraging various aliases across different reporting entities, which can sometimes lead to common confusion with other Russia-aligned groups.

Aliases del actor

cookbox

Actores similares

uac-0008actor · 1cookboxactor · 1UAC-0194apt · 0UAC-0185apt · 0UAC-0020apt · 0UAC-0219apt · 0UAC-0215apt · 0UAC-0006apt · 0UAC-0226apt · 0Guacamayaapt · 0
Tecnicas MITRE
T1003, T1566.001, T1071
Tipo
apt
Pais origen
RU
Motivacion
-
Impacto
26
Actualizado
Sat, 27 Ap

Sectores objetivo (SOCRadar)

National Security&International AffairsNational Security