UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT
Jan 04, 2024
Software Security / Malware
The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT, using new strategies to evade detection by security software. "The group's weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which has been at the forefront of its espionage arsenal," Uptycs security researchers Karthickkumar Kathiresan and Shilpesh Trivedi said in a Wednesday report. "However, in their latest operational twist, the UAC-0050 group has integrated a pipe method for interprocess communication, showcasing their advanced adaptability." UAC-0050, active since 2020, has a history of targeting Ukrainian and Polish entities via social engineering campaigns that impersonate legitimate organizations to trick recipients into opening malicious attachments. In February 2023, the Computer Emergency Response Team of Ukraine (CERT-UA) attributed the adversary to a phishing campaign designed to deliver Remcos RAT. Over t...