From 9756306d987f6d3793171350b54598d638b224a4 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Thu, 1 Feb 2024 11:01:57 -0800
Subject: [PATCH] [threat-actors] Add UNC4990

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 67981aca..370cd32d 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14242,6 +14242,17 @@
       },
       "uuid": "3ce9610b-2435-4c41-80d1-3f95a5ff2984",
       "value": "Mustard Tempest"
+    },
+    {
+      "description": "UNC4990 is a financially motivated threat actor that has been active since at least 2020. They primarily target users in Italy and rely on USB devices for initial infection. The group has evolved their tactics over time, using encoded text files on popular websites like GitHub and Vimeo to host payloads. They have been observed using sophisticated backdoors like QUIETBOARD and EMPTYSPACE, and have targeted organizations in various industries, particularly in Italy.",
+      "meta": {
+        "country": "IT",
+        "refs": [
+          "https://www.mandiant.com/resources/blog/unc4990-evolution-usb-malware"
+        ]
+      },
+      "uuid": "7db46444-2d27-4922-8a21-98f8509476dc",
+      "value": "UNC4990"
     }
   ],
   "version": 298