07 December 2023
New UAC-0056 activity: There’s a Go Elephant in the room
UAC-0056 also known as SaintBear, UNC2589 and TA471 is a cyber espionage actor that has been active since early 2021 and has mainly targeted Ukraine and Georgia. The group is known to have performed a wiper attack in January 2022 on multiple Ukrainian government computers and websites. Earlier in March, Cert-UA reported UAC0056 activity that targeted state organizations in Ukraine using malicious implants called GrimPlant, GraphSteel as well as CobaltStrike Beacon. Following up with that campaign, SOCPRIME and SentinelOne have reported some similar activities associated with this actor.
Read more about it: here