UNC4990UNC4990

Also known as: UNC4990

Known aliases
1

Profile

UNC4990 is a financially motivated threat actor that has been active since at least 2020. They primarily target users in Italy and rely on USB devices for initial infection. The group has evolved their tactics over time, using encoded text files on popular websites like GitHub and Vimeo to host payloads. They have been observed using sophisticated backdoors like QUIETBOARD and EMPTYSPACE, and have targeted organizations in various industries, particularly in Italy.

Aliases· 1

UNC4990

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
UNC4191
Actor
UNC4393
Actor
UNC4841
Actor
UNC6691
Actor
UNC4540
Actor
UNC3890
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.