216.73.216.204

Targeted activity UAC-0212 against developers and suppliers of automation and process control solutions

· Published 26/02/2025 09:54 · Modified 26/02/2025 10:24

Export JSON

Essential information

Published
26/02/2025 09:54
Modified
26/02/2025 10:24
Tags
2025-02-26 CVE-2024-38213 crookbag sandworm supply-chain
Related entities
1 vulnerabilities (cve), 112 observables, 1 intrusion sets (apt), 16 techniques (mitre), 5 malware, 5 others

Description

In 2024-2025, UAC-0212, a subcluster of UAC-0002 (), launched targeted cyberattacks against Ukrainian critical infrastructure and related industries. The actor employed new tactics, exploiting to deliver malware through PDF documents. Tools like SECONDBEST, EMPIREPAST, SPARK, and were utilized. The campaign expanded to target logistics companies, grain equipment manufacturers, and automated control system developers in Ukraine, Serbia, and the Czech Republic. The attacks aimed to compromise industrial control systems in vital sectors such as energy, water, and heat supply. The threat actor's sophisticated approach involved initial social engineering, followed by rapid lateral movement within compromised networks.

External references