UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
Summary
A Russia-aligned threat actor (UAC-0050) targeted a European financial institution using social engineering and RMS malware. This activity signals a potential expansion of the threat actor's focus beyond Ukraine to include entities supporting the country.
IFF Assessment
FOE
A threat actor is actively targeting financial institutions, posing a threat to security.
Defender Context
Defenders should be aware of UAC-0050's tactics, techniques, and procedures (TTPs), including its use of social engineering and RMS malware. Monitoring for spoofed domains and suspicious email activity is crucial. The shift in targeting indicates a broader threat landscape for organizations indirectly involved in the Ukraine conflict.