UAC-0184 Hackers Deploy Stealthy Remcos RAT via Steganography to Finnish Targets
February 26, 2024
UAC-0184 is deploying the Remcos RAT via steganography to evade detection and target a Ukrainian entity in Finland.
The initial attack vector is a phishing email disguised as communication from military organizations.
The 'IDAT' malware loader is used to discreetly deliver the Remcos RAT, enabling data theft and surveillance of victims.
The threat actor has broadened their focus to include organizations beyond Ukraine, and is distributing various forms of malware.
The cyber espionage campaign has been active since January 2024 and has been monitored by Morphisec analysts.
Experts recommend that security leaders implement advanced defense measures to counter these sophisticated attacks.
The findings and indicators of compromise are documented by Nathan Eddy for Dark Reading, with detailed reporting available from CERT-UA.
Summary based on 2 sources