| SYMBOL | COMMON_NAME | aka. SYNONYMS |
UNC5537 is a financially motivated threat actor targeting Snowflake customer databases. They use stolen credentials obtained from infostealer malware to access and exfiltrate large volumes of data. The compromised accounts lack multi-factor authentication, allowing UNC5537 to conduct data theft and extortion.
There are currently no families associated with this actor.
| 2024-06-17
⋅
Checkpoint
⋅
17th June – Threat Intelligence Report Sp1d3r UNC5537 |
| 2024-06-10
⋅
Mandiant
⋅
UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion Lumma Stealer MetaStealer Raccoon RedLine Stealer RisePro Vidar UNC5537 |