UAC-0185 is a threat actor, also known as UNC4221. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does UAC-0185 exploit?

Specific CVE exploitation data for UAC-0185 is being tracked. Check the Strobes VI threat actor profile for updates.

UAC-0185

Also known as: UNC4221

Exploited CVEs

Overview

UAC-0185 has been active since at least 2022, primarily targeting Ukrainian defense organizations through credential theft via messaging apps like Signal, Telegram, and WhatsApp, as well as military systems such as DELTA, TENETA, and Kropyva. The group employs phishing attacks, often impersonating the Ukrainian Union of Industrialists and Entrepreneurs (UUIE), to gain unauthorized access to the PCs of defense sector employees. They utilize custom tools, including MESHAGENT and UltraVNC, to facilitate their operations. Their activities are mapped to MITRE ATT&CK, focusing on tactics related to credential theft and remote access.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database