"UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware"

A threat actor called UAC-0099 has been linked to attacks against Ukraine, some of which exploit a high-severity flaw contained by WinRAR software to deliver the LONEPAGE malware strain. According to researchers at Deep Instinct, the threat actor targets Ukrainian employees in companies based outside of Ukraine. The Computer Emergency Response Team of Ukraine (CERT-UA) first documented UAC-0099 in June 2023, describing its attacks against state organizations and media entities for espionage purposes. The attack chains involved phishing emails with HTA, RAR, and LNK file attachments that deploy LONEPAGE, a Visual Basic Script (VBS) malware capable of contacting a command-and-control (C2) server to retrieve additional payloads such as keyloggers, stealers, and screenshot malware. This article continues to discuss UAC-0099 and the threat actor's exploitation of a high-severity flaw in the WinRAR software to deliver LONEPAGE.

THN reports "UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware"

Submitted by grigby1