Cybersecurity

Cyber: Uac-0050 Targets European Financial Institution With Spoofed Domain...

2026-02-24 0 views admin
Cyber: Uac-0050 Targets European Financial Institution With Spoofed Domain...

A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor's targeting beyond Ukraine and into entities supporting the war-torn nation.

The activity, which targeted an unnamed entity involved in regional development and reconstruction initiatives, has been attributed to a cybercrime group tracked as UAC-0050 (aka DaVinci Group). BlueVoyant has designated the name Mercenary Akula to the threat cluster. The attack was observed earlier this month.

"The attack spoofed a Ukrainian judicial domain to deliver an email containing a link to a remote access payload," researchers Patrick McHale and Joshua Green said in a report shared with The Hacker News. "The target was a senior legal and policy advisor involved in procurement, a role with privileged insight into institutional operations and financial mechanisms."

The starting point is a spear-phishing email that uses legal themes to direct recipients to download an archive file hosted on PixelDrain, a file-sharing service used by the threat actor to bypass reputation-based security controls.

The ZIP is responsible for initiating a multi-layered infection chain. Present within the ZIP file is a RAR archive that contains a password-protected 7-Zip file, which includes an executable that masquerades as a PDF document by using the widely abused double extension trick (*.pdf.exe).

The execution results in the deployment of an MSI installer for Remote Manipulator System (RMS), a Russian remote desktop software that allows remote control, desktop sharing, and file transfers.

"The use of such 'living-off-the-land' tools provides attackers with persistent, stealthy access while often evading traditional antivirus detection," the researchers noted.

The use of RMS aligns with prior UAC-0050 modus operandi, with the threat actor known to drop legitimate remote access software like LiteManager and remote access trojans such as RemcosRAT in attacks targeting Ukraine.

The Computer Emergency Response Team of Ukraine (CERT-UA) has characterized UAC-0050 as a mercenary group associated with Russian law enforcement agencies that conducts data gathering, financial theft, and information and psychological operations under the Fire Cells branding.

"This attack reflects Mercenary Akula's well-established and repetitive attack profile, while also

Source: The Hacker News

🏷️ Tags

securityhackattackthreat

More from Cybersecurity

Cyber: Phishing Campaign Targets Freight And Logistics Orgs In The Us, Europe

Cyber: Phishing Campaign Targets Freight And Logistics Orgs In The Us, Europe

2026-02-24 0
Cyber: Wynn Resorts Confirms Employee Data Breach After Extortion Threat

Cyber: Wynn Resorts Confirms Employee Data Breach After Extortion Threat

2026-02-24 0
Cyber: 1campaign Platform Helps Malicious Google Ads Evade Detection

Cyber: 1campaign Platform Helps Malicious Google Ads Evade Detection

2026-02-24 0
Cyber: New Attackers Now Need Just 29 Minutes To Own A Network 2026

Cyber: New Attackers Now Need Just 29 Minutes To Own A Network 2026

2026-02-24 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views