Date: 2023-10-17

The Computer Emergency Response Team of Ukraine (CERT-UA) recently announced that an actor it tracked as UAC-0165 interfered with 11 telecommunications providers from May to September 2023. The intrusions led to service disruptions for the companies’ customers.

The threat actor began attacks by scanning company networks from previously compromised Ukrainian servers for exposed RDP or SSH interfaces. After establishing a target, the attackers used two programs called POEMGATE and POSEIDON to steal credentials and remotely control compromised hosts. The threat group also used a utility called WHITECAT to cover its tracks. With persistent access to a provider’s infrastructure, the actor usually attempted to disable network and server equipment and data storage systems.

