| SYMBOL | COMMON_NAME | aka. SYNONYMS |
UNC5537 is a financially motivated threat actor targeting Snowflake customer databases. They use stolen credentials obtained from infostealer malware to access and exfiltrate large volumes of data. The compromised accounts lack multi-factor authentication, allowing UNC5537 to conduct data theft and extortion.
| 2025-08-28
⋅
Defentive
⋅
The Phantom Threat: Inside UNC5518’s Invisible Empire of MetaStealer Operations MetaStealer |
| 2024-06-17
⋅
Checkpoint
⋅
17th June – Threat Intelligence Report Sp1d3r UNC5537 |
| 2024-06-10
⋅
Mandiant
⋅
UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion Lumma Stealer MetaStealer Raccoon RedLine Stealer RisePro Vidar UNC5537 |
| 2023-12-28
⋅
Russian Panda Research Blog
⋅
MetaStealer Part 2, Google Cookie Refresher Madness and Stealer Drama MetaStealer |
| 2023-12-08
⋅
Medium g0njxa
⋅
Approaching stealers devs : a brief interview with Meta MetaStealer |
| 2023-11-20
⋅
Russian Panda Research Blog
⋅
MetaStealer - Redline's Doppelgänger MetaStealer RedLine Stealer |
| 2023-05-09
⋅
Medium walmartglobaltech
⋅
MetaStealer string decryption and DGA overview MetaStealer |
| 2022-12-05
⋅
Accenture
⋅
Popularity spikes for information stealer malware on the dark web MetaStealer Rhadamanthys |
| 2022-08-29
⋅
Sekoia
⋅
Traffers: a deep dive into the information stealer ecosystem MetaStealer PrivateLoader Raccoon RedLine Stealer Vidar |
| 2022-07-13
⋅
KELA
⋅
The Next Generation of Info Stealers Arkei Stealer Azorult BlackGuard Eternity Stealer Ginzo Stealer Mars Stealer MetaStealer Raccoon RedLine Stealer Vidar |
| 2022-05-20
⋅
nccgroup
⋅
Metastealer – filling the Racoon void MetaStealer |
| 2022-04-06
⋅
InfoSec Handlers Diary Blog
⋅
Windows MetaStealer Malware MetaStealer |