Threat actor UAC-0184 has used steganography techniques to deliver the Remcos RAT via a new malware known as the IDAT Loader to a Ukrainian target in Finland. The adversary initially targeted entities in Ukraine; however, defenses thwarted the delivery of the payload, and the adversary then turned to alternate targets. There were parallel campaigns, allegedly by UAC-0148, that used email and spear-phishing as the initial access vector, with lures offering Ukrainian military personnel consultancy jobs with the Israel Defense Forces.
The goal of these attacks was cyber espionage. The Remcos RAT is used to gain access to a victim's computer, remotely control infected systems, steal sensitive information and execute commands. This campaign was discovered in January and used both steganography and memory injection as evasive techniques.