Sunday, April 28, 2024

UAC-0050 Hacked Thousands Of Emails To Launch Malspam Attack

By Tushar Subhra Dutta

Threat actors target email addresses, as they provide a way to access personal and confidential information.

Emails often hold valuable data such as financials, login credentials, and personal messages.

The attackers could start different kinds of cyber-attacks and propagate malware via compromised email addresses.

Cybersecurity researcher Will (@BushidoToken) recently discovered that threat actors from UAC-0050 (aka DaVinci Group) have been actively targeting and hacking thousands of email addresses to malspam campaigns.

UAC-0050 Hacked Thousands

CERT-UA reported on 22 Feb 2024 linking UAC-0050 to “The DaVinci Group,” a Russian-speaking mercenary org tied to Russian law enforcement. 

UAC-0050 has been targeting Ukrainian organizations since the 2022 Russian invasion. 

Besides this, it’s been attributed to 15 malspam campaigns, acting as initial access brokers for threat groups like Sandworm and Fancy Bear.

Document
Integrate ANY.RUN in your company for Effective Malware Analysis

Are you from SOC and DFIR teams? – Join With 400,000 independent Researchers

Malware analysis can be fast and simple. Just let us show you the way to:

  • Interact with malware safely
  • Set up virtual machine in Linux and all Windows OS versions
  • Work in a team
  • Get detailed reports with maximum data
    • If you want to test all these features now with completely free access to the sandbox: ..


They deliver five malware families purchased with Bitcoin from underground cybercriminals, including Remcos RAT and Quasar RAT. 

CERT-UA shared artifacts like file paths and domains tied to UAC-0050 on various occasions by providing insight into their activities.

The DaVinci Group has been actively launching malspam attacks against Ukrainian targets since at least 2017.

They have targeted government ministries, local authorities, the military, and civilians with tens of thousands of harvested email addresses. 

Using tactics like posing as judicial authorities or security services, they distribute malicious attachments like Remcos RAT or RemoteUtilities RMM tools to deceive victims. 

Their evolving strategies show a concerning level of sophistication and persistence in their cyber operations.

DaVinci Group (Source – BushidoToken)

CERT-UA’s artifacts and DaVinci’s website mix-up became crucial pivots. The mistake exposed DaVinci operators’ details openly, unraveling their activities effortlessly.

DaVinci Website (Source – BushidoToken)

8161[.]uk serves as The DaVinci Group’s primary hub, showcasing their services collection. Not only that, but they also boast access to 150,000 Moscow CCTV cameras.

DaVinci Services (Source – BushidoToken)

Since August 25, 2018, the DaVinci Project site has links to domains like davincigroup[.]online.

It connects to social media profiles, including laughable Instagram with bare Russian models showcasing laptops.

DaVinci on Instagram showcased explicit ads and glimpses of hacking and surveillance work.

The clients contact us via Telegram, with multiple business-related accounts listed on their website’s Contact Us page.

Services Offered By DaVinci

Here below, we have mentioned all the services offered:-

  • Breaking into WhatsApp/Viber – 350,000 roubles parallel access with correspondence archive.
  • VK architecture with remote messages – 500,000 rubles exclusive from VKontakte servers.
  • Breaking into TV is from 500,000p.
  • Pk/mobile break-in – 150,000p.
  • Stealing social network/messenger accounts from 100,000p.
  • Gmail archive – 250,000p.
  • Corporate mail, 150,000p.
  • Withdrawal of info from cellular towers – from 300 000p
  • Interception of Internet traffic – from 400,000p
  • Monitoring cell phone movements – from 900,000p per week
  • Search for stolen cars – 200 000p
  • Establishment/elimination of exit/entry ban – 100,000p
  • Telegram hacking – 500,000p
  • Comprehensive dossiers on Phys. persons – from 20,000 rubles, Legal entity. persons – from 30,000 rubles
  • Ministry of Internal Affairs (Russia) requests – from 1500 rubles.
  • Interpol Search – from 50,000 rub.
  • Europol Search – from 80,000 rub.
  • Weapons (Registered weapons on a citizen) Search – from 5,000 rubles.
  • Crossing the border Search – from 11,000 rubles.
  • Flight Passenger list – from 10,000 rubles.
  • Determine data on IP – from 100,000 rubles.
  • Bank Account balance (balance) – from 20,000 rubles.
  • Addresses of ATMs used by the target – from 30,000 rubles/month
  • SMS details with text for 1 month: Any operator in the Russian Federation – from 150,000 rubles.
  • Flash, any operator in the Russian Federation (all operators) – from 40,000 rubles.
  • Marking call points on the map via BS per month (all operators) – from 10,000 rubles.

CERT-UA reports suggest DaVinci Group mercenaries may aid Russia in targeting Ukraine. Investigating their online presence shows capabilities but a lack of operational security.

DaVinci Group is a low-tier mercenary threat group blurring the lines between cybercrime and the Russian government.

With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Managed WAF Protection

Website

Latest articles

CVE/vulnerability

NETGEAR buffer Overflow Vulnerability Let Attackers Bypass Authentication

Some router models have identified a security vulnerability that allows attackers to bypass authentication.To...
CVE/vulnerability

5000+ CrushFTP Servers Hacked Using Zero-Day Exploit

Hackers often target CrushFTP servers as they contain sensitive data and are used for...
Cyber Attack

13,142,840 DDoS Attacks Targeted Organization Around The Globe

DDoS attacks are a significant and growing risk that can overpower websites, crash servers,...
CVE/vulnerability

Hackers Exploit Old Microsoft Office 0-day to Deliver Cobalt Strike

Hackers have leveraged an old Microsoft Office vulnerability, CVE-2017-8570, to deploy the notorious Cobalt...
Cyber Attack

Microsoft Publicly Releases MS-DOS 4.0 Source Code

In a historic move, Microsoft has made the source code for MS-DOS 4.0, one...
Cyber Attack

New SSLoad Malware Combined With Tools Hijacking Entire Network Domain

A new attack campaign has been discovered to be employed by the FROZEN#SHADOW, which...
Cyber Security News

Palo Alto Networks Shares Remediation Advice for Hacked Firewalls

Palo Alto Networks has issued urgent remediation advice after discovering a critical vulnerability, designated...
Tushar Subhra Dutta
Tushar Subhra Dutta
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]