Ukraine's Computer Emergency Response Team (CERT-UA) reported that cyberespionage attacks against Ukrainian military and defense contractors were launched by the UAC-0185 threat operation, also known as UNC4221, which was previously associated with Russia, according to The Record, a news site by cybersecurity firm Recorded Future.
UAC-0185 targeted the organizations with phishing emails that purported to be invitations for a Kyiv-based defense conference last week and sought to facilitate compromise with the MeshAgent and UltraVNC tools, said CERT-UA, which previously noted that MeshAgent had been leveraged to compromise more than 100 Ukrainian state computers. The development follows recent attacks against Ukrainian military and defense enterprises, including intrusions by the Vermin and UAC-0180 threat groups in June and July, respectively. Ukraine's Ministry of Defence and military personnel and defense services were also subjected to GhostWriter attacks and DarkCrystal malware compromise, respectively, during the same period.