UNC6032

Also known as: UNC6032

UNC6032 is a threat actor that weaponizes interest in AI tools, specifically targeting users with fake “AI video generator” websites to distribute malware, including Python-based infostealers and backdoors. Victims are typically directed to these sites through malicious social media ads that impersonate legitimate tools. Compromises have led to the exfiltration of sensitive data, including login credentials and credit card information, via the Telegram API. Google Threat Intelligence Group assesses UNC6032 to have a Vietnam nexus.

🌍 Country: Vietnam

Activities and Tactics

Country of Origin: 🇻🇳 Vietnam

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Backdoor.Oldrea

Attribution and Evidence

Country of Origin: Vietnam

Additional attribution information pending cataloguing.

References

References pending cataloguing.