From 49093ecf161bd7406284939fa0eebda2b7b7ee2b Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Wed, 24 Jul 2024 03:39:38 -0700
Subject: [PATCH] [threat-actors] Add UAC-0063

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 1a044f0..ae20855 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16412,6 +16412,17 @@
       },
       "uuid": "8f31b9b1-44c9-4b7f-b850-7cf02c306e25",
       "value": "Threat Actor 888"
+    },
+    {
+      "description": "UAC-0063 is a threat actor linked to Russian APT28, known for targeting government entities in Ukraine and Central Asia for cyber espionage operations. They utilize keyloggers, backdoors, and malware like Hatvibe and Cherryspy to compromise systems and exfiltrate sensitive information. The group has been active since at least 2021 and has shown interest in targeting organizations in Mongolia, Kazakhstan, Kyrgyzstan, Israel, and India. Their TTPs include spear-phishing campaigns and exploiting vulnerabilities in software products like HFS HTTP File Server and Rejetto file-sharing servers.",
+      "meta": {
+        "refs": [
+          "https://socprime.com/blog/uac-0063-attack-detection-hackers-target-ukrainian-research-institutions-using-hatvibe-cherryspy-and-cve-2024-23692/",
+          "https://cert.gov.ua/article/4697016"
+        ]
+      },
+      "uuid": "9565bf78-7c9c-41cd-9ed0-58031f6d8978",
+      "value": "UAC-0063"
     }
   ],
   "version": 312