Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

UAC-0050’s Advanced Phishing with Remcos RAT

January 4, 2024
Reading Time: 6 mins read
in Alerts

UAC-0050, a threat actor active since 2020, is employing sophisticated phishing tactics to distribute the notorious Remcos RAT, known for its capabilities in remote surveillance and control. According to Uptycs security researchers Karthick Kumar and Shilpesh Trivedi, the group has recently integrated a pipe method for interprocess communication, showcasing advanced adaptability in their operational methods.

UAC-0050 has a history of targeting Ukrainian and Polish entities through social engineering campaigns, using phishing emails that impersonate legitimate organizations. In February 2023, the Computer Emergency Response Team of Ukraine (CERT-UA) linked the group to a phishing campaign designed to deliver Remcos RAT.

Over the past few months, the Remcos RAT has been distributed as part of at least three different phishing waves, with one attack leading to the deployment of an information stealer called Meduza Stealer. The researchers based their analysis on an LNK file discovered on December 21, 2023.

While the exact initial access vector is currently unknown, it is suspected to have involved phishing emails targeting Ukrainian military personnel, advertising consultancy roles with the Israel Defense Forces (IDF). The LNK file collects information about installed antivirus products, retrieves and executes an HTML application, and paves the way for a PowerShell script that downloads two files from a remote server.

The downloaded files, “word_update.exe” and “ofer.docx,” are then utilized to establish persistence and execute the Remcos RAT (version 4.9.2 Pro). The Remcos RAT has the capability to harvest system data, cookies, and login information from web browsers like Internet Explorer, Mozilla Firefox, and Google Chrome.

Notably, the group employs unnamed pipes within the Windows operating system, creating a covert channel for data transfer, effectively evading detection by Endpoint Detection and Response (EDR) and antivirus systems. Despite not being an entirely new technique, the use of pipes marks a significant leap in the sophistication of UAC-0050’s strategies.

Reference:
  • Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion
Tags: Cyber AlertCyber Alerts 2024Cyber RiskCyber threatJanuary 2024MalwarePhishingRemcos RATRemote Access TrojansStealersUAC-0050
ADVERTISEMENT

Related Posts

Interlock Ransomware Threat Alert

Interlock Ransomware Threat Alert

July 24, 2025
Interlock Ransomware Threat Alert

Backdoor Found in WP Plugins

July 24, 2025
Interlock Ransomware Threat Alert

GitLab Patches Key Vulnerabilities

July 24, 2025
Lumma Stealer Returns with New Tactics

npm Phishing Emails Target Developer Logins

July 23, 2025
Lumma Stealer Returns with New Tactics

Lumma Stealer Returns with New Tactics

July 23, 2025
Lumma Stealer Returns with New Tactics

MuddyWater Emerges Amid Iran-Israel Clash

July 23, 2025

Latest Alerts

Interlock Ransomware Threat Alert

GitLab Patches Key Vulnerabilities

Backdoor Found in WP Plugins

Lumma Stealer Returns with New Tactics

npm Phishing Emails Target Developer Logins

MuddyWater Emerges Amid Iran-Israel Clash

Subscribe to our newsletter

    Latest Incidents

    Data Breach Affects 340K Jobseekers

    Hackers Use Ransomware on SharePoint Servers

    Beluga Vodka Ransomware Attack Reported

    Weak Password Triggers Ransomware Old Firm

    US Nuclear Agency Breached in MS Hack

    European Healthcare Network Breached

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial