
UNC4990


UNC4990 is a financially motivated threat actor that has been active since at least 2020. They primarily target users in Italy and rely on USB devices for initial infection. The group has evolved their tactics over time, using encoded text files on popular websites like GitHub and Vimeo to host payloads. They have been observed using sophisticated backdoors like QUIETBOARD and EMPTYSPACE, and have targeted organizations in various industries, particularly in Italy.


Associated Families

There are currently no families associated with this actor.


References
2024-01-30 | Mandiant | Diana Ion, Jae Young Kim, Muhammad Umair, Panagiotis Antoniou, Yash Gupta
Evolution of UNC4990: Uncovering USB Malware's Hidden Depths
QUIETBOARD Vetta Loader UNC4990

Credits: MISP Project