UAC-0184 Hackers Deploy Stealthy Remcos RAT via Steganography to Finnish Targets

February 26, 2024
UAC-0184 Hackers Deploy Stealthy Remcos RAT via Steganography to Finnish Targets
  • UAC-0184 is deploying the Remcos RAT via steganography to evade detection and target a Ukrainian entity in Finland.

  • Initial attack vector is a phishing email disguised as communication from military organizations.

  • The 'IDAT' malware loader is used to discreetly deliver the Remcos RAT, enabling data theft and surveillance of victims.

  • The threat actor has broadened their focus to include organizations beyond Ukraine, and is distributing various forms of malware.

  • The cyber espionage campaign has been active since January 2024 and monitored by Morphisec analysts.

  • Experts recommend that security leaders implement advanced defense measures to counter these sophisticated attacks.

  • The findings and indicators of compromise are documented by Nathan Eddy for Dark Reading, with detailed reporting available from CERT-UA.

Summary based on 2 sources


Get a daily email with more Cybersecurity stories

More Stories