UNC4393UNC4393

Also known as: UNC4393 · Storm-1811 · CURLY SPIDER · STAC5777 · Cardinal

Known aliases
5

Profile

UNC4393 is a financially motivated threat actor primarily using BASTA ransomware. They have been active since early 2022 and have targeted over 40 organizations across various industries. UNC4393 has shown a willingness to cooperate with other threat clusters for initial access and has evolved from using existing tools to developing custom malware. They focus on efficient data exfiltration and multi-faceted extortion, often utilizing tools like COGSCAN and RCLONE for reconnaissance and data theft.

Aliases· 5

UNC4393Storm-1811CURLY SPIDERSTAC5777Cardinal

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
UNC3973
Actor
UNC4990
Actor
UNC5537
Actor
UNC4191
Actor
UNC4841
Actor
UNC6395
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.