Uptime Hamster: 0d 0h 0mDeploy: 5 Jul 2026 10:25Updated: 2026-07-10
Logo del actor de amenaza UAC-0020

UAC-0020

0 incidentes 0 paises 0 sectores apt UA Ultimo: -
Aliases: SickSync, Vermin
Ver en IntelTracker → APTTrail →
UAC-0020, also known by its aliases Vermin and SickSync, is a cyber-espionage threat actor linked to the security agencies of the Luhansk People's Republic and believed to operate under the direction of the Moscow government, actively participating in Russia's cyber warfare against Ukraine. The group first emerged with observed activity tracing back to October 2015, and its primary motivation is intelligence gathering and cyber-espionage against Ukrainian entities, including military, governmental, and critical infrastructure sectors. This group is distinct for its persistent use of spear-phishing campaigns combined with custom malware like SPECTR and repurposed legitimate tools such as SyncThing for data exfiltration, often returning after periods of inactivity to conduct new operations.

Aliases del actor

SickSyncVermin

Actores similares

uac-0008actor · 1UAC-0194apt · 0UAC-0185apt · 0UAC-0219apt · 0UAC-0149apt · 0UAC-0215apt · 0UAC-0006apt · 0UAC-0226apt · 0Guacamayaapt · 0UAC-0063apt · 0
Tecnicas MITRE
T1113, T1083, T1059.001, T1555, T1078.003, T1218 - Signed Binary Proxy Execution
CVEs relacionadas
CVE-2025-31324, CVE-2025-30406, CVE-2025-2857, CVE-2025-2825, CVE-2025-27363, CVE-2025-23120
Tipo
apt
Pais origen
UA
Motivacion
-
Impacto
46
Actualizado
Tue, 09 Ju

Sectores objetivo (SOCRadar)

Public AdministrationJustice & Safety ActivitiesNational Security&International AffairsPeriodical PublishersData Processing, Hosting, and Related ServicesComputer Systems Design and Related ServicesEmployment Placement Agencies and Executive Search ServicesNational SecurityComputer Systems Design Services