Find notable cyber news and cases, enriched with sources, timelines, and signals.

UAC-0184 targets Ukrainian military and government entities via Viber-delivered malware

Campaign
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

UAC-0184 has shifted to Viber-delivered malware to target Ukrainian military and government entities, extending an active 2025 espionage operation. The initial lure uses malicious ZIP archives with decoy LNK files disguised as Microsoft Word and Excel documents. The chain then pulls down smoothieks.zip, stages Hijack Loader in memory, and uses DLL side-loading and module stomping to reduce detection. It ends with Remcos RAT injected into chime.exe, giving the attackers remote control, monitoring, and data theft.

Related Happenings

TONResolver RAT delivered via ZIP, LNK, and PowerShell

Malware Activity
H score22 First: 30.06.2026 13:30 Last: 30.06.2026 13:30 Sources 1

About this happening: The **TONResolver** malware implant was delivered through a **ZIP/LNK/PowerShell** chain that can establish a **remote access trojan** foothold and enable **command execution**. T...

OXLOADER loader stages CastleStealer via UAC prompting and DLL side-loading

Malware Activity
H score20 First: 22.06.2026 16:20 Last: 22.06.2026 16:20 Sources 1

About this happening: The **OXLOADER** malware activity now shows a **loader** delivering **CastleStealer** through **PowerShell**, **UAC** prompting, and **DLL side-loading**, giving the stealer a ste...

REF8372 malicious Google Ads CastleStealer delivery campaign

Campaign
H score27 First: 22.06.2026 16:20 Last: 22.06.2026 16:20 Sources 1

About this happening: The **REF8372** campaign now uses **malicious Google Ads** and a fake **Node.js** download site to deliver **OXLOADER** and **CastleStealer**, putting search users at risk of malw...

Vidar infostealer delivered through TikTok and Instagram Reels

Malware Activity
H score27 First: 10.06.2026 19:00 Last: 10.06.2026 19:00 Sources 1

About this happening: Threat actors are using **TikTok** and **Instagram Reels** to deliver **Vidar infostealer** through fake free-software tutorials, putting viewers at risk of **credential**, **fina...

Open-OSS/privacy-filter Hugging Face infostealer activity

Malware Activity
H score69 First: 11.05.2026 10:05 Last: 11.05.2026 10:05 Sources 1

About this happening: A malicious **Hugging Face repository** called **Open-OSS/privacy-filter** impersonated **OpenAI's Privacy Filter** and delivered a **Rust-based information stealer** to **Windows...

Timeline

  1. 05.01.2026 19:56 2 articles · 6mo ago

    UAC-0184 Viber malware targeting Ukrainian entities

    Initial Disclosure

    360 Threat Intelligence Center described UAC-0184, also tracked as Hive0156, as a Russia-aligned threat actor that targeted Ukrainian military and government entities in 2025 by abusing Viber to deliver malicious ZIP archives with decoy LNK files, fetching smoothieks.zip through PowerShell, deploying Hijack Loader with DLL side-loading and module stomping, and injecting Remcos RAT into chime.exe to gain endpoint control and steal data.

    Show sources