UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents
Jan 29, 2025
Cyber Espionage / Threat Intelligence
The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE.
"This research focuses on completing the picture of UAC-0063's operations, particularly documenting their expansion beyond their initial focus on Central Asia, targeting entities such as embassies in multiple European countries, including Germany, the U.K., the Netherlands, Romania, and Georgia," Martin Zugec, technical solutions director at Bitdefender, said in a report shared with The Hacker News.
UAC-0063 was first flagged by the Romanian cybersecurity company in May 2023 in connection with a campaign that targeted government entities in Central Asia with a data exfiltration malware known as DownEx (aka STILLARCH). It's suspected to share links with a known Russian state-sponsored actor called APT28.
Merely weeks later, the Compu...