UNK_AcademicFlare

Also known as: UNK_AcademicFlare

Origin: RU
Known aliases: 1

Profile

UNK_AcademicFlare is a suspected Russia-aligned threat actor that conducts device code phishing campaigns by leveraging compromised email addresses from government and military organizations. The actor engages in rapport building through benign outreach, ultimately leading to a phishing attempt via a Cloudflare Worker URL that spoofs a OneDrive account. Targeted sectors include government, think tanks, higher education, and transportation in the U.S. and Europe, with a focus on Russia and Ukraine-themed content. Their tactics include using compromised accounts for initial contact and employing device code phishing techniques to extract credentials.

Aliases · 1

UNK_AcademicFlare

References

  1. https://www.proofpoint.com/us/blog/threat-insight/access-granted-phishing-device-code-authorization-account-takeover

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: UNK_RemoteRogue
Actor: UAC-0215
Actor: UTA0352
Actor: UAC-0241
Actor: UTA0355
Actor: UAC-0194

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.