UNC4393 is a threat actor, also known as Storm-1811, STAC5777, CURLY SPIDER. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does UNC4393 exploit?

Specific CVE exploitation data for UNC4393 is being tracked. Check the Strobes VI threat actor profile for updates.

UNC4393

Also known as: Storm-1811, STAC5777, CURLY SPIDER, Cardinal

Exploited CVEs

Overview

UNC4393 is a financially motivated threat actor primarily using BASTA ransomware. They have been active since early 2022 and have targeted over 40 organizations across various industries. UNC4393 has shown a willingness to cooperate with other threat clusters for initial access and has evolved from using existing tools to developing custom malware. They focus on efficient data exfiltration and multi-faceted extortion, often utilizing tools like COGSCAN and RCLONE for reconnaissance and data theft.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database