[threat-actors] Add UAC-0118

2024-11-22 23:07:19 +00:00 · 2023-12-06 17:42:33 -08:00 · 2023-12-06 17:42:33 -08:00 · 228bbcc21d
commit 228bbcc21d
parent cf7cdcbc2b
1 changed files with 16 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -13728,6 +13728,22 @@
      },
      "uuid": "e883458d-496f-4a94-b916-4b7b83e3d525",
      "value": "DEV-0569"
+    },
+    {
+      "description": "From Russia with Love, is a threat actor group that emerged during the Russia-Ukraine war in 2022. They primarily engage in DDoS attacks and have targeted critical infrastructure, media, energy, and government entities. FRwL has been linked to the use of the Somnia ransomware, which they employ as a wiper rather than for financial gain. While there is no direct evidence linking FRwL to the Russian Main Intelligence Directorate, it is possible that they coordinate activities with state-aligned hacktivist groups.",
+      "meta": {
+        "refs": [
+          "https://socprime.com/blog/somnia-malware-detection-uac-0118-aka-frwl-launches-cyber-attacks-against-organizations-in-ukraine-using-enhanced-malware-strains/",
+          "https://spixnet.at/cybersecurity-blog/2022/11/15/russian-hacktivists-hit-ukrainian-orgs-with-ransomware-but-no-ransom-demands/",
+          "https://outpost24.com/blog/ics-attack-classifications/"
+        ],
+        "synonyms": [
+          "FRwL",
+          "FromRussiaWithLove"
+        ]
+      },
+      "uuid": "d869486a-ec70-4a74-897e-31aa7b3df48d",
+      "value": "UAC-0118"
    }
  ],
  "version": 295