From 4cabbe3bc9745b60f3f3d105cf0c98205d4cb2a0 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Tue, 18 Jun 2024 04:51:30 -0700
Subject: [PATCH] [threat-actors] Add UAC-0020

---
 clusters/threat-actor.json | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 93f8fa6..1411806 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16155,6 +16155,23 @@
 },
 "uuid": "78e8bc1a-0be3-4792-a911-9d4813dd7bc3",
 "value": "Bondnet"
+ },
+ {
+ "description": "Vermin is a threat actor group linked to the Luhansk People’s Republic and believed to be acting on behalf of the Kremlin. They have targeted Ukrainian government infrastructure using malware like Spectr and legitimate tools like SyncThing for data exfiltration. Vermin has been active since at least 2018, using custom-made RATs like Vermin and open-source tools like Quasar for cyber-espionage. The group has resurfaced after periods of inactivity to conduct espionage operations against Ukraine's military and defense sectors.",
+ "meta": {
+ "country": "RU",
+ "refs": [
+ "https://socprime.com/blog/vermin-uac-0020-hacking-collective-hits-ukrainian-government-and-military-with-spectr-malware/",
+ "https://therecord.media/russian-vermin-hackers-target-ukraine",
+ "https://cert.gov.ua/article/6279600"
+ ],
+ "synonyms": [
+ "Vermin",
+ "SickSync"
+ ]
+ },
+ "uuid": "318be739-26fd-4f4d-bac8-aa20ec8273b7",
+ "value": "UAC-0020"
 }
 ],
 "version": 310
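Review bot: `"country": "RU"` in the new `meta` object records the attribution as a plain fact, while the `description` just above it only says the group is "believed to be acting on behalf of the Kremlin"; anything that filters or pivots on `meta` never sees that hedge. I would add an `"attribution-confidence"` key next to `country`, set to a value the three cited reports actually support. The synonym `"Vermin"` is also the name the description gives to one of the group's own RATs, so synonym matching can conflate the actor with the tool, and `"SickSync"` is not explained anywhere in the description; both are worth confirming against the refs as names for the group rather than for a tool or campaign. The enclosing array starts outside the hunk, so the new uuid and synonyms could not be checked against existing clusters for duplicates.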