SYMBOLCOMMON_NAMEaka. SYNONYMS

UNC5537  (Back to overview)


UNC5537 is a financially motivated threat actor targeting Snowflake customer databases. They use stolen credentials obtained from infostealer malware to access and exfiltrate large volumes of data. The compromised accounts lack multi-factor authentication, allowing UNC5537 to conduct data theft and extortion.


Associated Families
win.metastealer

References
2025-08-28DefentiveDefentive Threat Research
The Phantom Threat: Inside UNC5518’s Invisible Empire of MetaStealer Operations
MetaStealer
2024-06-17CheckpointCheckpoint
17th June – Threat Intelligence Report
Sp1d3r UNC5537
2024-06-10MandiantMandiant
UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
Lumma Stealer MetaStealer Raccoon RedLine Stealer RisePro Vidar UNC5537
2023-12-28Russian Panda Research BlogRussianPanda
MetaStealer Part 2, Google Cookie Refresher Madness and Stealer Drama
MetaStealer
2023-12-08Medium g0njxag0njxa
Approaching stealers devs : a brief interview with Meta
MetaStealer
2023-11-20Russian Panda Research BlogRussianPanda
MetaStealer - Redline's Doppelgänger
MetaStealer RedLine Stealer
2023-05-09Medium walmartglobaltechJason Reaves, Jonathan Mccay, Joshua Platt
MetaStealer string decryption and DGA overview
MetaStealer
2022-12-05AccenturePaul Mansfield, Thomas Willkan
Popularity spikes for information stealer malware on the dark web
MetaStealer Rhadamanthys
2022-08-29SekoiaLivia Tibirna, Quentin Bourgue, Threat & Detection Research Team
Traffers: a deep dive into the information stealer ecosystem
MetaStealer PrivateLoader Raccoon RedLine Stealer Vidar
2022-07-13KELAKELA Cyber Intelligence Center
The Next Generation of Info Stealers
Arkei Stealer Azorult BlackGuard Eternity Stealer Ginzo Stealer Mars Stealer MetaStealer Raccoon RedLine Stealer Vidar
2022-05-20nccgroupPeter Gurney
Metastealer – filling the Racoon void
MetaStealer
2022-04-06InfoSec Handlers Diary BlogBrad Duncan
Windows MetaStealer Malware
MetaStealer

Credits: MISP Project