March 25, 2022

March 25th, 2022: Ukraine Targeted by Chinese Threat Actor Group, Scarab

Industry: N/A | Level: Tactical | Source: SentinelOne

Ukraine’s Computer Emergency Response Team (CERT-UA) warns of cyber activity by a Chinese threat actor that SentinelLabs attributes to Scarab (CERT-UA labels the group UAC-0026). The threat group has been active since 2012. This activity from Scarab marks the first sign of Chinese threat actor activity against Ukraine since the Russian invasion began; the group previously targeted various users in Russia and the United States. The CERT-UA alert identifies a RAR archive whose name translates to “the preservation of video recordings of criminal actions of the army of the Russian Federation.rar.” When opened, the malicious archive drops a lure document, a DLL with a .dat file extension, and a batch file. The objectives of Scarab/UAC-0026 in this activity are currently unknown.

  • Anvilogic Use Cases:
    • Compressed File Execution
    • Malicious Document Execution
    • Executable File Written to Disk
    • Executable Create Script Process
    • New AutoRun Registry Key
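As an added illustration (not code from SentinelOne, CERT-UA or Anvilogic), the script below correlates endpoint events against the drop chain the brief describes: an archive is opened, a file with a PE header is written under a .dat extension, a batch file is launched from the archive tool's process tree, and an autorun registry value is set. The event schema (a `magic` field carrying the first bytes of each written file), the tool names, host paths and timestamps are all assumptions constructed for the example; none are indicators from the report.

```python
"""Correlate endpoint telemetry for the archive -> DLL-as-.dat -> batch -> autorun
drop chain. Event schema, tool names, paths and timestamps are constructed for
this example (hypothetical host); they are not indicators from the report."""
import os

ARCHIVE_TOOLS = {"winrar.exe", "7z.exe", "7zfm.exe", "unrar.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
ARCHIVE_EXTS = (".rar", ".zip", ".7z")
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".ocx"}
PE_MAGIC = "4d5a"      # hex of "MZ", the header of a Windows PE file
CHAIN_WINDOW = 300     # seconds; stages must land within this window to count as one chain

# Constructed sample events (assumed schema): ordered by "ts", one process tree.
SAMPLE_EVENTS = [
    {"ts": 1, "type": "process", "pid": 100, "ppid": 1,
     "image": "C:\\Program Files\\WinRAR\\WinRAR.exe", "cmdline": "WinRAR.exe x lure.rar"},
    {"ts": 2, "type": "file_write", "pid": 100,
     "path": "C:\\Users\\u\\AppData\\Local\\Temp\\report.docx", "magic": "504b0304"},
    {"ts": 3, "type": "file_write", "pid": 100,
     "path": "C:\\Users\\u\\AppData\\Local\\Temp\\helper.dat", "magic": "4d5a9000"},
    {"ts": 4, "type": "file_write", "pid": 100,
     "path": "C:\\Users\\u\\AppData\\Local\\Temp\\run.bat", "magic": "40656368"},
    {"ts": 5, "type": "process", "pid": 101, "ppid": 100,
     "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c run.bat"},
    {"ts": 6, "type": "registry_set", "pid": 101,
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\helper",
     "value": "C:\\Users\\u\\AppData\\Local\\Temp\\run.bat"},
]


def _name(path):
    """Lower-case file name from a Windows or POSIX path."""
    return os.path.basename(path.replace("\\", "/")).lower()


def detect_archive_open(ev):
    """Compressed File Execution: an archive tool launched on an archive file."""
    if ev["type"] == "process" and _name(ev["image"]) in ARCHIVE_TOOLS \
            and any(ext in ev["cmdline"].lower() for ext in ARCHIVE_EXTS):
        return ("Compressed File Execution", ev["cmdline"])
    return None


def detect_disguised_executable(ev):
    """Executable File Written to Disk: PE header under a non-executable extension."""
    if ev["type"] != "file_write" or not ev["magic"].lower().startswith(PE_MAGIC):
        return None
    ext = os.path.splitext(_name(ev["path"]))[1]
    if ext in EXEC_EXTS:
        return None
    return ("Executable File Written to Disk",
            f"PE content written as '{ext or 'no extension'}': {ev['path']}")


def detect_script_from_archive(ev, procs):
    """Executable Create Script Process: script host running a .bat, parented by the archive tool."""
    if ev["type"] != "process" or _name(ev["image"]) not in SCRIPT_HOSTS:
        return None
    parent = procs.get(ev["ppid"])
    if parent and _name(parent["image"]) in ARCHIVE_TOOLS and ".bat" in ev["cmdline"].lower():
        return ("Executable Create Script Process", f"{_name(parent['image'])} -> {ev['cmdline']}")
    return None


def detect_autorun_key(ev):
    """New AutoRun Registry Key: a value written under a CurrentVersion\\Run key."""
    if ev["type"] == "registry_set" and "\\currentversion\\run\\" in ev["key"].lower():
        return ("New AutoRun Registry Key", f"{ev['key']} = {ev['value']}")
    return None


def analyze(events):
    """Run every use case over time-ordered events; return one finding per hit."""
    procs, findings = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "process":
            procs[ev["pid"]] = ev          # keep lineage so children can be tied to the archive tool
        hits = (detect_archive_open(ev), detect_disguised_executable(ev),
                detect_script_from_archive(ev, procs), detect_autorun_key(ev))
        for hit in hits:
            if hit:
                findings.append({"ts": ev["ts"], "pid": ev["pid"],
                                 "use_case": hit[0], "detail": hit[1]})
    return findings


def is_drop_chain(findings, window=CHAIN_WINDOW):
    """Escalate when three or more distinct use cases fire within one time window."""
    findings = sorted(findings, key=lambda f: f["ts"])
    for i, first in enumerate(findings):
        cases = {f["use_case"] for f in findings[i:] if f["ts"] - first["ts"] <= window}
        if len(cases) >= 3:
            return True
    return False


if __name__ == "__main__":
    found = analyze(SAMPLE_EVENTS)
    for f in found:
        print(f"[{f['ts']:>3}] pid={f['pid']} {f['use_case']}: {f['detail']}")
    print("drop chain:", is_drop_chain(found))
```

Each function maps to one of the use cases listed above, so a single hit is only a lead; `is_drop_chain` is where the individual signals become an alert worth paging on, because the lure document write (a ZIP-based .docx) and the batch file write are deliberately not flagged on their own.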