UNG0901

Also known as: Operation CargoTalon · Unknown-Group-901 · UNG0901


Profile

UNG0901 is a cyber-espionage threat actor targeting Russian entities, particularly in the aerospace and defense sectors, utilizing spear-phishing tactics. They deploy the EAGLET backdoor, which exhibits functionalities similar to the Golang-based PhantomDL used by the Head Mare group, including shell, download, and upload capabilities. Notable overlaps in file-naming conventions and targeting strategies further reinforce the connection between UNG0901 and Head Mare.

Aliases · 3

Operation CargoTalon · Unknown-Group-901 · UNG0901

References

  1. https://www.seqrite.com/blog/operation-cargotalon-ung0901-targets-russian-aerospace-defense-sector-using-eaglet-implant/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: UNG0002
Actor: APT9
Actor: Head Mare
Actor: UAC-0102
Actor: UAC-0185
Actor: UAC-0194
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.