UAC-0241
UAC-0241 is a CERT-UA-tracked threat cluster conducting spear-phishing campaigns targeting Ukrainian educational institutions and state authorities. In the reported activity, UAC-0241 used ZIP archives containing a Windows LNK file that triggered mshta.exe to execute an HTA; the HTA launched JavaScript to download and run a PowerShell script, which delivered the LaZagne credential stealer and a Go-based backdoor named GAMYBEAR.
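The chain above leaves a distinctive parent/child process pattern: mshta.exe launched from the user's shell session, then spawning powershell.exe. The following detection is an added example, not code from CERT-UA or Mallory; it runs over a few constructed process-creation events whose field names (`pid`, `ppid`, `image`, `cmdline`) are an assumption modelled on typical EDR/Sysmon records.

```python
"""Flag mshta.exe processes that spawn powershell.exe (the HTA -> JS -> PowerShell hop)."""
from collections import defaultdict

# Constructed sample telemetry, not real events. The LNK double-click shows up as
# explorer.exe starting mshta.exe with the HTA; the HTA's JavaScript then starts PowerShell.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"mshta.exe C:\Users\victim\Downloads\invoice.hta"},
    {"pid": 300, "ppid": 200,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\Users\victim\AppData\Local\Temp\s.ps1"},
    # Benign control: an operator runs PowerShell from a console, no mshta ancestor.
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe"},
    {"pid": 500, "ppid": 400,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe Get-Process"},
]


def image_name(event):
    """Basename of the executable, lower-cased, so path differences do not matter."""
    return event["image"].rsplit("\\", 1)[-1].lower()


def find_mshta_chains(events, max_depth=3):
    """Return one finding per mshta.exe process with a powershell.exe descendant
    within max_depth hops. Depth > 1 catches an intermediate cmd.exe or wscript.exe."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)

    def descendants(pid, depth):
        found = []
        if depth == 0:
            return found
        for child in children[pid]:
            found.append(child)
            found.extend(descendants(child["pid"], depth - 1))
        return found

    findings = []
    for e in events:
        if image_name(e) != "mshta.exe":
            continue
        ps = [d for d in descendants(e["pid"], max_depth) if image_name(d) == "powershell.exe"]
        if ps:
            parent = by_pid.get(e["ppid"])
            findings.append({
                "mshta_pid": e["pid"],
                "mshta_cmdline": e["cmdline"],
                "parent": image_name(parent) if parent else None,
                "powershell_pids": [d["pid"] for d in ps],
            })
    return findings
```

The parent field is worth keeping in the alert: explorer.exe as the parent of mshta.exe is consistent with a user opening an LNK, which is exactly the entry point this cluster relies on.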
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Associated malware families
1 malware family attributed to this actor across reporting.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Spear-phishing campaign targeting Ukrainian education and state authorities using a ZIP -> LNK -> HTA (mshta) -> JavaScript -> PowerShell chain to deploy the LaZagne credential recovery tool and the GAMYBEAR Go backdoor.
UAC-0241 is a threat actor targeting Ukrainian residents in the Sumy region.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.