Bitdefender warns of an ongoing cyber espionage campaign orchestrated by a group specialized in stealing sensitive data, targeting governmental and diplomatic entities in Central Asia and Europe, including Romania.
There are no clear indications that the hackers are affiliated with Russia, but they are targeting states within its sphere of interest.
"UAC-0063 is a group specialized in cyber espionage and stealing sensitive data. Active since 2022, UAC-0063 initially targeted entities in Central Asia and has now expanded its operations to Europe.
Among the targets are embassies and governmental institutions in Germany, the Netherlands, the United Kingdom, Georgia, and Romania.
The attackers have developed an advanced attack technique based on compromised Word documents. These files are distributed through phishing emails and contain infected macros that, once activated, install cyber threats on the victims' devices.
"In some cases, the attackers have reused authentic documents previously stolen from diplomatic institutions," warn experts from Bitdefender, the global producer of cybersecurity solutions.
Once infected, the device starts transmitting data to the attackers' servers and can be used for new attacks on other targets.
UAC-0063 attacks have also been confirmed in Romania, where infection attempts using more sophisticated variants of the threat have been identified, according to the cybersecurity experts. On April 4, 2024, a compiled version of it, protected by advanced code obfuscation techniques, was detected on a system in the country.
"CERT-UA (Ukrainian Computer Emergency Response Team) attributes UAC-0063 to the Russian group APT28 (BlueDelta), but without clear technical evidence. Although the attackers use similar tactics to APT28, there is no definitive confirmation yet.
However, the fact that the attacks target diplomatic and governmental entities in regions of interest to Russia raises questions about the possible geopolitical motivation behind these operations," notes Bitdefender.
In this context, to effectively combat cyber threats, whether past, present, or future, a multi-layered security strategy is essential.
According to experts, the first step in reducing the risk of attack is minimizing the attack surface. "Proactive risk management through vulnerability assessments and threat scenarios helps identify and eliminate weaknesses before they are exploited by attackers like UAC-0063," the company emphasizes.
Moreover, on the protection front, implementing multiple layers of security for devices and users significantly hinders attackers' access.
"Even if security solutions detect anomalies, security teams must investigate and act promptly. Lack of specialized personnel or resources can lead to response delays and allow attackers to continue their operations.
Threat intelligence solutions provide essential information about cyber attacks. Bitdefender IntelliZone is an intuitive platform that centralizes this information and the involved actors, providing security analysts access to advanced malware analysis services," the statement specifies.