RU

UAC-0020UAC-0020

Also known as: Vermin · SickSync · UAC-0020

Origin
RU
Known aliases
3

Profile

Vermin is a threat actor group linked to the Luhansk People’s Republic and believed to be acting on behalf of the Kremlin. They have targeted Ukrainian government infrastructure using malware like Spectr and legitimate tools like SyncThing for data exfiltration. Vermin has been active since at least 2018, using custom-made RATs like Vermin and open-source tools like Quasar for cyber-espionage. The group has resurfaced after periods of inactivity to conduct espionage operations against Ukraine's military and defense sectors.

Aliases· 3

VerminSickSyncUAC-0020

References

  1. https://socprime.com/blog/vermin-uac-0020-hacking-collective-hits-ukrainian-government-and-military-with-spectr-malware/
  2. https://therecord.media/russian-vermin-hackers-target-ukraine
  3. https://cert.gov.ua/article/6279600

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
UAC-0219
Actor
UAC-0050
Actor
UAC-0185
Actor
UAC-0102
Actor
UAC-0063
Actor
UAC-0215
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.