Ukrainian Government

Ukrainian government agencies experienced a sophisticated cyberattack orchestrated by the UAC-0001 group, also known as APT28. The attack targeted industrial control systems (ICS) devices running Windows operating systems as servers, specifically the information communication system of a central executive body. The attackers deployed BEARDSHELL and SLIMAGENT malware to establish persistent access and conduct extensive surveillance. The campaign involved social engineering tactics through the Signal messaging platform and demonstrated advanced techniques for penetrating critical infrastructure systems.

Source: https://cybersecuritynews.com/uac-0001-hackers-attacking-ics-devices/

TPRM report: https://scoringcyber.rankiteo.com/company/presidential-administration-of-ukraine

"id": "pre900062325",
"linkid": "presidential-administration-of-ukraine",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"
{'affected_entities': [{'industry': 'Government',
                        'location': 'Ukraine',
                        'name': 'Ukrainian government agencies',
                        'type': 'Government'}],
 'attack_vector': 'Social engineering through Signal messaging platform',
 'date_detected': 'March-April 2024',
 'description': 'Ukrainian government agencies faced a sophisticated '
                'cyberattack campaign orchestrated by the UAC-0001 group '
                '(APT28), targeting industrial control systems (ICS) devices '
                'running Windows operating systems as servers. The attacks '
                'occurred between March and April 2024, using malware tools '
                'BEARDSHELL and SLIMAGENT for persistent access and '
                'surveillance.',
 'impact': {'systems_affected': 'Industrial control systems (ICS) devices '
                                'running Windows operating systems as servers'},
 'initial_access_broker': {'backdoors_established': ['BEARDSHELL', 'SLIMAGENT'],
                           'entry_point': 'Signal messaging platform',
                           'high_value_targets': 'Industrial control systems '
                                                 '(ICS) devices'},
 'motivation': 'State-sponsored cyber warfare',
 'post_incident_analysis': {'root_causes': 'Unidentified person sending '
                                           'malicious document through Signal'},
 'threat_actor': 'UAC-0001 (APT28)',
 'title': 'Sophisticated Cyberattack on Ukrainian Government Agencies by APT28',
 'type': 'Cyberattack',
 'vulnerability_exploited': "Malicious macros in a document titled 'Act.doc'"}