Menu
Browse

Cyber Threat Actor: UNC1945

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Hacker
0 incidents
Profile

UNC1945, operating under the alias Cercle Pasteur Gymnastique, is a threat actor observed engaging in the sale of high-value network access on Russian-language cybercrime forums. The group advertised unauthorized access to a Maxar Technologies military satellite in 2023, claiming potential visibility into U.S. military and strategic positioning, with the access priced at $15,000. This offering included an escrow service to facilitate trust in the transaction. Concurrently, UNC1945 marketed compromised AT&T corporate email accounts for $7,000, explicitly noting the disabling of two-factor authentication (2FA) protections on these accounts to enable further exploitation. These activities demonstrate a focus on critical infrastructure sectors—specifically aerospace/defense and telecommunications—with potential dual-use objectives spanning both intelligence gathering and financial gain.

The actor’s operations align with broader patterns of Russian forum-based cybercrime, where access to Western critical systems is commoditized. UNC1945’s satellite access claim, while unverified, targeted Maxar’s capabilities in Earth observation and communications, suggesting an interest in geospatial intelligence or disruption of space-based assets. The parallel sale of AT&T email access indicates diversification across sectors, leveraging compromised credentials to enable corporate espionage or secondary attacks. The group’s use of escrow services mirrors established criminal tradecraft, emphasizing transactional reliability rather than technical sophistication in initial access. No specific malware or intrusion vectors were detailed in reporting, though the disabling of 2FA implies credential-based attacks or insider threats rather than exploits.

Public reporting does not attribute UNC1945 to a state nexus or criminal consortium, positioning it as an independent actor within the Russian cybercrime ecosystem. The group’s activities reflect opportunistic targeting of high-impact entities, with the Maxar and AT&T incidents representing its most visible operations. While UNC1945’s strategic objectives remain unconfirmed, the combination of military satellite access and telecommunications breaches indicates a dual focus on intelligence value and monetization, consistent with actors seeking to profit from both state and criminal buyers. The absence of claimed destructive payloads or ransomware deployment distinguishes UNC1945 from purely financially motivated groups, suggesting a more specialized role in access brokerage.

Incidents
Attributed incidents available to members
0 incidents
Sources
Sources available to members
23 sources