From c0fd66e3cd7e3c76fff3afade1bb6a6f834a991c Mon Sep 17 00:00:00 2001
From: Mathieu Beligon <mathieu@feedly.com>
Date: Tue, 7 Nov 2023 14:47:12 +0100
Subject: [PATCH] [threat-actors] Add UAC-0094

---
 clusters/threat-actor.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index de791d96..d3bbbf88 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12659,6 +12659,18 @@
       },
       "uuid": "d0e1811e-53f9-48b5-b2ef-107e0f53239b",
       "value": "UserSec"
+    },
+    {
+      "description": "State Service of Special Communication and Information Protection of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts. The Ukrainian CERT attributes the hacking campaign to threat actors tracked as UAC-0094. Threat actors are targeting Telegram users by sending Telegram messages with malicious links to the Telegram website in order to gain unauthorized access to the records and transfer a one-time code from SMS.",
+      "meta": {
+        "country": "RU",
+        "refs": [
+          "https://cert.gov.ua/article/39253",
+          "https://vulners.com/thn/THN:4C1C2CD10F20E08DD74D465450DF3F17?utm_source=rss&utm_medium=rss&utm_campaign=rss"
+        ]
+      },
+      "uuid": "def3c4e4-9d59-478f-8895-d3850cfa99c3",
+      "value": "UAC-0094"
     }
   ],
   "version": 292