Rewterz Threat Alert – Serpent Backdoor – Active IOCs
March 22, 2022
Rewterz Threat Update – LAPSUS$ Group’s Latest Activity
March 22, 2022
Severity
Medium
Analysis Summary
UAC-0035, also known as InvisiMole, has been targeting Ukraine with spear-phishing email campaigns. The Russian nation-state group also has ties to Gamaredon. The group has been active since 2013 and has targeted Eastern European organizations, but has now directed its attacks at Ukraine in the Russian-Ukrainian cyber war.
“The Government Team for Response to Computer Emergencies of Ukraine CERT-UA received a notification from the subject of coordination on the distribution of e-mails among state bodies of Ukraine.” reads the advisory published by CERT-UA. “The activity is associated with the activities of the UAC-0035 group (InvisiMole). Note that the date of compilation of the malicious program LoadEdge – 24.02.2022.”
Impact
- Cyber Espionage
- Exposure of Sensitive Data
Indicators of Compromise
Filenames
- 501_25_103[.]zip
- 501_25_103[.]lnk
- We4Qu6[.]hta
- 501_25_103[.]doc
IP
- 45[.]95[.]11[.]34
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
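The remediation step above tells defenders to search their environment for the listed indicators. The following is an added example (not part of the Rewterz alert or the CERT-UA advisory) showing how to refang the defanged filenames and IP address from this alert and sweep sample telemetry for them, with token-boundary guards so that a superset string such as a different IP that merely contains the indicator's digits does not produce a false positive. The log lines are constructed for the example and are not from any real incident.

```python
import re

# Indicators copied from the alert above, in their defanged form.
DEFANGED_FILENAMES = [
    "501_25_103[.]zip",
    "501_25_103[.]lnk",
    "We4Qu6[.]hta",
    "501_25_103[.]doc",
]
DEFANGED_IPS = ["45[.]95[.]11[.]34"]


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('[.]', 'hxxp') back into its literal form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def build_patterns(filenames, ips):
    """Compile one regex per indicator, keyed by the defanged string.

    Filenames are matched case-insensitively and bounded by lookarounds so that
    '501_25_103.doc' does not fire inside '501_25_103.docx'; IPs are bounded by
    digit/dot lookarounds so '45.95.11.34' does not fire inside '145.95.11.34'.
    """
    patterns = {}
    for name in filenames:
        literal = re.escape(refang(name))
        patterns[name] = re.compile(r"(?<![\w.])" + literal + r"(?![\w.])", re.IGNORECASE)
    for ip in ips:
        literal = re.escape(refang(ip))
        patterns[ip] = re.compile(r"(?<![\d.])" + literal + r"(?![\d.])")
    return patterns


def scan_lines(lines, patterns):
    """Return a list of (line_number, defanged_indicator) for every hit."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for indicator, pat in patterns.items():
            if pat.search(line):
                hits.append((lineno, indicator))
    return hits


# Constructed sample telemetry (not from the alert): one proxy log line hitting
# the listed IP, two endpoint file-create events hitting listed filenames, and a
# benign proxy line whose destination merely contains the indicator's digits.
SAMPLE_LINES = [
    "2022-03-22T09:14:02Z proxy src=10.0.4.17 dst=45.95.11.34 dport=443 action=allow",
    "2022-03-22T09:14:05Z sysmon event=FileCreate image=outlook.exe "
    "target=C:\\Users\\a\\Downloads\\501_25_103.zip",
    "2022-03-22T09:14:09Z sysmon event=FileCreate image=mshta.exe "
    "target=C:\\Users\\a\\AppData\\Local\\Temp\\We4Qu6.hta",
    "2022-03-22T09:15:00Z proxy src=10.0.4.17 dst=145.95.11.34 dport=443 action=allow",
]


def scan_sample():
    """Run the sweep over the constructed sample lines."""
    return scan_lines(SAMPLE_LINES, build_patterns(DEFANGED_FILENAMES, DEFANGED_IPS))


if __name__ == "__main__":
    for lineno, indicator in scan_sample():
        print(f"line {lineno}: matched {indicator} -> {SAMPLE_LINES[lineno - 1]}")
```

In practice the same `build_patterns`/`scan_lines` pair can be pointed at exported proxy logs, EDR file-event exports or a directory listing; keeping the dictionary keyed by the defanged string means a hit can be reported back in exactly the form the alert uses.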