Uptime Hamster: 15d 5h 18mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza UAC-0226

UAC-0226

0 incidentes 0 paises 0 sectores apt RU Ultimo: -
Ver en IntelTracker → APTTrail →
UAC-0226 is a cyber espionage threat actor active since February 2025, assessed with high confidence to be of Russian origin. The group primarily targets Ukrainian military formations, law enforcement agencies, local government bodies, and defense innovation hubs near the eastern border. Their main objective is targeted intelligence collection, notably through the deployment of information-stealing malware via phishing emails. A distinguishing characteristic of UAC-0226 is their use of macro-enabled Excel documents for initial compromise and the GIFTEDCROOK stealer for browser data exfiltration to Telegram. The group has also been tracked under the alias SHADOW-EARTH-066.

Actores similares

uac-0008actor · 1UAC-0194apt · 0UAC-0185apt · 0UAC-0020apt · 0UAC-0219apt · 0UAC-0149apt · 0UAC-0215apt · 0UAC-0006apt · 0Guacamayaapt · 0UAC-0063apt · 0
Tecnicas MITRE
T1560 - Archive Collected Data, T1005 - Data from Local System, T1132.001 - Standard Encoding, T1027 - Obfuscated Files or Information, T1041 - Exfiltration Over C2 Channel, T1140 - Deobfuscate/Decode Files or Information
CVEs relacionadas
CVE-2025-5777, CVE-2025-49113, CVE-2025-27915, CVE-2024-37383, CVE-2024-27443, CVE-2023-43770
Tipo
apt
Pais origen
RU
Motivacion
-
Impacto
25
Actualizado
Mon, 13 Ap

Sectores objetivo (SOCRadar)

Motion Picture and Video Production