Russia-linked APT UAC-0184 targets Ukrainian military and government bodies via Viber
Russia-linked threat actor UAC-0184 (aka Hive0156) is targeting Ukrainian military and government entities, using Viber messages to deliver malicious ZIP files as part of ongoing intelligence-gathering operations in 2025.
“Recent monitoring data from the 360 Advanced Threat Research Institute shows that the UAC-0184 group launched a phishing attack campaign against the Verkhovna Rada (Ukrainian parliament), targeting sensitive issues such as the alteration of Ukrainian military personnel files and the refusal to pay compensation for those killed in action.” reads the report published by the 360 Advanced Threat Research Institute.
The 360 Advanced Threat Research Institute observed UAC-0184 launching a phishing campaign against Ukraine’s Verkhovna Rada. The APT group exploited sensitive themes such as military personnel record changes and denied compensation for fallen soldiers. The group is expected to continue intensive intelligence-theft operations against Ukrainian military and government bodies through 2025, prompting recommendations to strengthen security awareness, encryption, and access controls.
Read more at Security Affairs