CyberSecurity news


Veronika Telychko @ SOC Prime Blog
Criminal group UAC-0173 is actively targeting Ukrainian notaries in a series of cyberattacks. These attacks, which have been ongoing since mid-January 2025, involve the use of DARKCRYSTALRAT malware. The cybercriminals are exploiting RDP tools to breach Ukraine's notarial offices, aiming to manipulate state registers. CERT-UA has issued an alert, CERT-UA#13738, regarding these activities.

SOC Prime has released Sigma rules to detect UAC-0173 attacks leveraging DARKCRYSTALRAT malware, providing cybersecurity professionals with tools to identify and mitigate these threats. These attacks by UAC-0173 highlight the ongoing cyber warfare impacting critical infrastructure and organizations within Ukraine.

CERT-UA reports Hackers Exploit RDP Tools to Breach Ukraine’s Notarial Offices.



References:
  • SOC Prime Blog: UAC-0173 Activity Detection: Hackers Launch Phishing Attacks Against Ukrainian Notaries Using the DARKCRYSTALRAT Malware
  • thecyberexpress.com: Hackers Exploit RDP Tools to Breach Ukraine’s Notarial Offices, CERT-UA Reports
  • securityaffairs.com: Criminal group UAC-0173 targets the Notary Office of Ukraine
  • The Hacker News: CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries
  • Talkback Resources: Cyble article describing CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries
  • Talkback Resources: Report that a criminal group UAC-0173 targets the Notary Office of Ukraine
Classification:
  • HashTags: #UAC0173 #DCRAT #Cyberattack
  • Company: CERT-UA
  • Target: Ukrainian notaries
  • Attacker: UAC-0173
  • Product: Notary services
  • Feature: Remote access
  • Malware: DCRat
  • Type: Malware
  • Severity: Major