Cyber Threat Actor: UNC215
| Actor Type | Location | Known Incidents |
Criminal
|
Iran
|
0 incidents |
|---|
Profile
UNC215 is a threat actor operating under the alias 'Satan,' as indicated by a Twitter handle linked to their activities. Public reporting associates this group with Iran. Their operations have primarily targeted Nepalese entities across multiple sectors, including domain registry services, financial remittance providers, food delivery platforms, internet service providers, government agencies, utilities, e-commerce, media, cultural institutions, and agricultural offices. The group's strategic objectives center on disruption, demonstrated through unauthorized system access and public threats to critical infrastructure.
The actor compromised Nepal's .np domain registry by exploiting stolen personal data from Foodmandu, Vianet Communications, and Prabhu Remit customers. This breach enabled unauthorized access to Mercantile Communications' domain server, though the company asserted most exposed data was publicly accessible via 'whois' queries. UNC215 publicly disclosed security flaws in the .np infrastructure before claiming responsibility for the attack, prompting temporary suspension of new domain registrations. The group issued threats against additional targets, including Nepal Electricity Authority's billing and grid systems, Daraz Nepal, Kantipur Publication, and several government bodies. While these threats emphasized disruptive intent, no confirmed breaches of these secondary targets were documented in available reporting. Their tactics leveraged credential exploitation and public communication channels to amplify psychological impact.
