Koushik Pal

UAC-0006, a financially motivated cyber threat group, has resurfaced with a sophisticated phishing campaign targeting customers of Ukraine’s largest state-owned bank, PrivatBank. This campaign exploits password-protected archives containing malicious JavaScript, VBScript, and LNK files to bypass detection and deploy the SmokeLoader malware via process injection and PowerShell execution. With strong overlaps in tactics, techniques, and procedures (TTPs) with the notorious FIN7 and other Russian APTs, UAC-0006 aims to steal credentials and financial data while maintaining persistent access to compromised systems. Organizations must stay vigilant, enhance security awareness, and implement robust threat intelligence to counteract this growing cyber threat.

CloudSEK’s latest investigation uncovers how APT36 (aka Transparent Tribe) is using VPS provider Contabo to host malicious infrastructure linked to CapraRAT and Crimson RAT. One of their latest tactics? Disguising spyware as the popular messaging app Viber—armed with permissions to record calls, read messages, track location, and more. Read how we traced the infrastructure, identified key Indicators of Compromise, and uncovered the full extent of this Android surveillance campaign.