Mercenary Akula Hits Ukraine-Supporting Financial...
Essential information
- Published
- 25/02/2026 11:35
- Modified
- 25/02/2026 11:55
- Tags
- 2026-02-25 cyber espionage davinci group financial theft fire cells group quasarrat remcos remote access remote manipulator system social engineering spearphishing uac-0050
- Related entities
- 10 observables, 1 intrusion sets (apt), 9 techniques (mitre), 3 malware, 4 others
Description
A European financial institution involved in regional development and reconstruction initiatives was targeted by a social engineering attack attributed to the Russia-aligned Mercenary Akula. The attack used a spoofed Ukrainian judicial domain to deliver an email containing a link to a remote access payload. The target was a senior legal and policy advisor involved in procurement. The attack employed a multi-stage extraction process and deployed the Remote Manipulator System, a legitimate remote administration tool. This incident suggests the adversary may be expanding beyond primarily Ukraine-based targeting, potentially probing Ukraine-supporting institutions in Western Europe. The attack aligns with Mercenary Akula's established tactics, including localized social engineering, multi-stage payload delivery, and the use of signed remote administration tools.