UAC-0154 is a threat actor. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does UAC-0154 exploit?

Specific CVE exploitation data for UAC-0154 is being tracked. Check the Strobes VI threat actor profile for updates.

UAC-0154

Exploited CVEs

Overview

UAC-0154 is a threat actor orchestrating the STARK#VORTEX phishing campaign, specifically targeting Ukraine’s military. They employ a Microsoft Help file containing obfuscated JavaScript as a lure, disguised as a manual for Pilot-in-Command Drones, to deliver the MerlinAgent malware. This PowerShell-based RAT is heavily obfuscated and downloads a payload from a remote server, enabling full control over compromised systems. The group initially targeted Ukrainian entities using military-themed documents sent via email to @ukr.net addresses.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database