Bitdefender: Alleged Russian hacking group currently targeting Romanian institutions

29 January 2025

Bitdefender, one of the world's largest cybersecurity solution providers, warned of an ongoing cyber espionage campaign orchestrated by the UAC-0063 group, believed to be linked with Russia. 

UAC-0063 is a group specializing in cyber espionage and the theft of sensitive data. Active since 2022, it initially targeted entities in Central Asia but has now expanded its operations to Europe. Among the targets are embassies and government institutions in Germany, the Netherlands, the United Kingdom, Georgia, and Romania, according to Bitdefender.

The attack begins with a phishing email containing a link to a compromised Word document. Upon opening the file, the user is prompted to enable macros, a social engineering technique suggesting that this step is necessary to view the content. Once enabled, the macros trigger the installation of the malware. The infected device then begins transmitting data to the attackers' servers and can be used for further attacks on other targets.

UAC-0063 attacks have also been confirmed in Romania, where attempts to infect systems with more sophisticated variants of the malware have been identified.

CERT-UA (Ukraine's Computer Emergency Response Team) attributes UAC-0063 to the Russian group APT28 (BlueDelta), though without clear technical evidence. While the attackers use tactics similar to those of APT28, there is still no definitive confirmation. 

To combat the threat, Bitdefender suggests implementing multiple layers of security for devices and users. The firm also advises adopting advanced monitoring solutions, such as EDR (Endpoint Detection and Response) or XDR (Extended Detection and Response), which can identify and correlate suspicious behaviors, even if they are not immediately recognized.

radu@romania-insider.com

(Photo source: One Photo | Dreamstime.com)
