Cyber Espionage / Threat Intelligence
Malware Attack: UAC-0063 Targets Government Entities with Sophisticated Threats
By Ravie Lakshmanan, January 29, 2025
The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE.
DownExPyer: A Sophisticated Malware
According to Bitdefender, the stability of DownExPyer’s core functionalities over the past two years is a significant indicator of its maturity and likely long-standing presence within the UAC-0063 arsenal. This observed stability suggests that DownExPyer was likely already operational and refined prior to 2022.
Furthermore, Bitdefender identified a Python script designed to record keystrokes – likely a precursor to LOGPIE – on one of the compromised machines that was infected with DownEx, DownExPyer, and HATVIBE.
UAC-0063: A Sophisticated Threat Actor Group
Zugec explained that UAC-0063 exemplifies a sophisticated threat actor group characterized by its advanced capabilities and persistent targeting of government entities. Their arsenal, featuring sophisticated implants like DownExPyer and PyPlunderPlug, combined with well-crafted TTPs, demonstrates a clear focus on espionage and intelligence gathering.
The targeting of government entities within specific regions aligns with potential Russian strategic interests.