UAC-0215
0 incidentes
0 paises
0 sectores
apt UA Ultimo: -
UAC-0215 is a Russia-aligned advanced persistent threat (APT) actor that first emerged with infrastructure preparation in August 2024, followed by large-scale phishing campaigns detected in October 2024. This state-sponsored group, assessed with high confidence to be of Russian origin, is primarily motivated by espionage, seeking unauthorized remote access to sensitive systems for intelligence gathering, data exfiltration, and the deployment of follow-on malware in support of Russian state interests amidst ongoing conflict. What sets UAC-0215 apart is its primary reliance on spear-phishing campaigns that deliver malicious Remote Desktop Protocol (RDP) configuration files (.rdp). These files, upon execution, establish bidirectional connections to actor-controlled servers, enabling extensive resource mapping. The group's activities have shown overlaps with other Russian state-sponsored actors such as APT29/Midnight Blizzard.