Ukraine Targeted by Chinese Threat Actor Group, Scarab
March 25th, 2022
Ukraine's Computer Emergency Response Team (CERT-UA) has issued an alert on cyber activity involving a Chinese threat actor, which SentinelLabs has attributed to Scarab (CERT-UA labels the group UAC-0026). The threat group has been active since 2012. The activity from Scarab marks the first sign of Chinese threat actor activity against Ukraine since the Russian invasion began. Previous threat activity from the group targeted various users in Russia and the United States. The CERT-UA alert identifies a RAR archive whose file name translates to “the preservation of video recordings of criminal actions of the army of the Russian Federation.rar.” When opened, the malicious archive provides a lure document, a DLL file with a .dat file extension, and a batch file. The objectives of Scarab/UAC-0026 are currently unknown.