216.73.217.172

Mercenary Akula Hits Ukraine-Supporting Financial...

· Published 25/02/2026 11:35 · Modified 25/02/2026 11:55

Export JSON

Essential information

Published
25/02/2026 11:35
Modified
25/02/2026 11:55
Tags
2026-02-25 cyber espionage davinci group financial theft fire cells group quasarrat remcos remote access remote manipulator system social engineering spearphishing uac-0050
Related entities
10 observables, 1 intrusion sets (apt), 9 techniques (mitre), 3 malware, 4 others

Description

A European financial institution involved in regional development and reconstruction initiatives was targeted by a attack attributed to the Russia-aligned Mercenary Akula. The attack used a spoofed Ukrainian judicial domain to deliver an email containing a link to a payload. The target was a senior legal and policy advisor involved in procurement. The attack employed a multi-stage extraction process and deployed the , a legitimate remote administration tool. This incident suggests the adversary may be expanding beyond primarily Ukraine-based targeting, potentially probing Ukraine-supporting institutions in Western Europe. The attack aligns with Mercenary Akula's established tactics, including localized , multi-stage payload delivery, and the use of signed remote administration tools.

External references