Find notable cyber news and cases, enriched with sources, timelines, and signals.

UAC-0050 spear-phishing campaign targeting European financial institutions

Campaign
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

The UAC-0050 spear-phishing operation targeted a European financial institution, raising concern that the actor is extending its reach beyond Ukraine into Western Europe. The attack spoofed a Ukrainian judicial domain, used PixelDrain-hosted archives, and ultimately installed Remote Manipulator System (RMS) for remote control. The targeting and payload chain suggest the group is pursuing intelligence gathering or financial theft against support-linked institutions.

Related Happenings

GREYVIBE's Kremlin-aligned role in the Russian cybercrime ecosystem

Threat Actor Meta
H score15 First: 29.05.2026 14:31 Last: 29.05.2026 14:31 Sources 1

About this happening: A newly characterized **GREYVIBE** actor sits in a **grey zone** between **Kremlin-aligned intelligence work** and the **Russian cybercrime ecosystem**, complicating attribution f...

GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations

Campaign
H score39 First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: **GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...

Ghostwriter Prometheus-themed phishing campaign targeting Ukraine government organizations

Campaign
H score33 First: 22.05.2026 19:20 Last: 22.05.2026 19:20 Sources 1

About this happening: A **Ghostwriter** phishing campaign is targeting **Ukraine government organizations** with **Prometheus-themed lures**, increasing the risk of credential theft and follow-on acces...

Webworm expanded European government and South Africa university espionage campaign

Campaign
H score24 First: 20.05.2026 14:30 Last: 20.05.2026 14:30 Sources 1

About this happening: Webworm expanded its **2025 espionage campaign** into **European government organizations** and a **university in South Africa**, widening the cross-region targeting risk. The ope...

Code of conduct-themed Microsoft AiTM phishing campaign

Campaign
H score53 First: 05.05.2026 09:35 Last: 05.05.2026 09:35 Sources 1

About this happening: A **large-scale phishing campaign** used code of conduct-themed lures and **legitimate email services** to push victims to attacker-controlled domains and steal **authentication t...

Timeline

  1. 24.02.2026 16:21 2 articles · 4mo ago

    UAC-0050 spear-phishes a European financial institution

    Initial Disclosure

    UAC-0050, also tracked as DaVinci Group and Mercenary Akula, was linked to a spear-phishing campaign against a European financial institution that spoofed a Ukrainian judicial domain, used a PixelDrain-hosted archive, and deployed Remote Manipulator System (RMS) through nested archives and a *.pdf.exe lure; the activity was assessed as likely aimed at intelligence gathering or financial theft and as a possible probe of Ukraine-supporting institutions in Western Europe.

    Show sources