CyberSecurity news
do son@securityonline.info
Russia-aligned cyber threat groups UAC-0050 and UAC-0006 are actively using bulletproof hosting infrastructure to conduct cyberattacks globally. These networks, often obscured by offshore shell companies, provide a shield for malicious activity. Intrinsec analysts have uncovered campaigns blending cyber espionage, financial theft, and psychological warfare, primarily targeting Ukraine and its allies with tactics like bomb threats and fake banking transactions.
These threat groups heavily rely on bulletproof hosting providers to evade detection. Entities like Global Connectivity Solutions LLP and Railnet LLC act as legal fronts, using offshore shell companies in jurisdictions like Seychelles to make attribution and legal action difficult. This infrastructure also supports ransomware groups like Black Basta and RansomHub and involves frequent IP migrations across autonomous systems, further complicating efforts to block malicious activities. UAC-0050 has also engaged in psychological operations, such as sending bomb threats to Ukrainian institutions under the guise of the "Fire Cells Group."
References:
- securityonline.info: Bulletproof Hosting Fuels Russia-Linked Intrusion Sets’ Global Cyber Campaign
- Cyber Security News: Russian Hackers Use Bulletproof Network Infrastructure to Evade Detection
- gbhackers.com: Russian Hackers Leverage Bulletproof Hosting to Shift Network Infrastructure
Classification:
- HashTags: #cybersecurity #APT #Russia
- Company: Intrinsec
- Target: Global Organizations
- Attacker: UAC-0050, UAC-0006
- Product: bulletproof hosting
- Feature: bulletproof hosting
- Malware: NetSupport RAT
- Type: Espionage
- Severity: Major