
UAC-0020

aka: SickSync, Vermin

Vermin is a threat actor group linked to the Luhansk People’s Republic and believed to be acting on behalf of the Kremlin. They have targeted Ukrainian government infrastructure using malware like Spectr and legitimate tools like SyncThing for data exfiltration. Vermin has been active since at least 2018, using custom-made RATs like Vermin and open-source tools like Quasar for cyber-espionage. The group has resurfaced after periods of inactivity to conduct espionage operations against Ukraine's military and defense sectors.


Associated Families

There are currently no families associated with this actor.


References
2024-06-07, The Record, Daryna Antoniuk
Russia-linked Vermin hackers target Ukrainian military in new espionage campaign
UAC-0020

2024-06-05, Cert-UA, Cert-UA
UAC-0020 (Vermin) attacks the Defense Forces of Ukraine using the SPECTR SPZ in tandem with the legitimate SyncThing ("SickSync" campaign) (CERT-UA#9934)
UAC-0020

2022-03-21, SOC Prime, Andrii Bezverkhyi
Vermin (UAC-0020) Hacking Collective Hits Ukrainian Government and Military with SPECTR Malware
Vermin UAC-0020

Credits: MISP Project