Unc3810

Malware Profile Updated 3 months ago
UNC3810 is a malware identified and tracked by the cybersecurity firm Mandiant, notorious for its deployment of CaddyWiper in October 2022. This malicious software is designed to exploit and damage computer systems, often infiltrating via suspicious downloads, emails, or websites. The threat actor, initially tracked as UNC3810 before being merged with Sandworm, has been associated with Russia's Main Intelligence Directorate (GRU) since 2009 and primarily targets Ukraine. It employs OT-level living-off-the-land (LotL) techniques, which use legitimate tools already present on the target system to carry out malicious activity.

A significant incident involving UNC3810 occurred when the 'CyberArmyofRussia_Reborn' persona boasted on Telegram about a wiper attack, claiming responsibility for the disruptive operation. The attack was allegedly carried out by a GRU operator codenamed UNC3810 using the CaddyWiper malware. However, because of a series of operator errors, UNC3810 had not completed the wiper attack by the time of the Telegram post, which was therefore premature. Mandiant's investigation found that 'CyberArmyofRussia_Reborn' significantly exaggerated the success of the wiper attack: technical artifacts from UNC3810's intrusion show that the attack was not as successful as claimed. The Telegram post in fact preceded CaddyWiper's execution by 35 minutes, undermining CyberArmyofRussia_Reborn's repeated claims of independence from the GRU. These findings highlight the complex relationship between UNC3810, the GRU, and the 'CyberArmyofRussia_Reborn' persona, revealing a web of misinformation and cyber warfare.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Sandworm | 2 | Sandworm, a threat actor linked to Russia, has been identified as a significant cybersecurity risk. Known for its sophisticated and malicious activities, Sandworm has notably compromised 11 Ukrainian telecommunications providers, disrupting services and posing a substantial threat to the digital inf
CaddyWiper | 2 | CaddyWiper is a destructive malware, a type of malicious software designed to exploit and damage computer systems. It was one of several malwares deployed against Ukraine starting in January 2022 by the Russian Advanced Persistent Threat (APT) group, alongside others such as WhisperGate, HermeticWip
Cyberarmyofrussia_reborn | 2 | CyberArmyofRussia_Reborn is a threat actor with suspected links to the GRU, Russia's main intelligence agency. This group has been associated with several high-profile cyberattacks, including those on US and Polish water utilities and a French dam. The group uses its Telegram channel to leak stolen
Miscellaneous Associations
Other elements of context that could help in assessing relevance
Telegram
Mandiant
Wiper
Malware
LOTL
Ukraine
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Caddywiper Wiper Malware | Unspecified | 1 | None
Unc3810's Wiper | Unspecified | 1 | None
Source Document References
Information about the Unc3810 Malware was read from the documents corpus below.
Source | Created At | Title
CERT-EU | 8 months ago | Mandiant tackles destructive Sandworm cyber attack on Ukrainian infrastructure
InfoSecurity-magazine | 8 months ago | Russian APT Sandworm Disrupted Power in Ukraine Using OT Techniques
CERT-EU | a year ago | Mandiant Unveils Russian GRU's Cyber Playbook Against Ukraine
BankInfoSecurity | 9 months ago | Ukrainian Telcos Targeted by Suspected Sandworm Hackers
BankInfoSecurity | 8 months ago | Ukraine Tracks a Record Number of Cyber Incidents During War