Menu
Browse

Cyber Threat Actor: @Ug_0Security

Actor Type Location Known Incidents
 Icon
Criminal
United States of America
1 incident
Profile

The threat actor known by the alias @Ug_0Security operates from the United States of America and has been identified as a cybercriminal engaged in the illicit trade of personal data. Public reporting links this handle to a specific breach in which the actor obtained and offered for sale a large dataset belonging to medical professionals. The actor’s presence on underground forums and the nature of the disclosed activity suggest a focus on monetizing stolen information rather than pursuing ideological or state‑aligned goals.

The actor’s targeting appears concentrated on the healthcare sector within the United States, as evidenced by the theft of personal details belonging to approximately 1.41 million US doctors. The compromised data included full names, genders, hospital affiliations, practice addresses, phone numbers, and medical license numbers, indicating a deliberate effort to collect information that could be used for direct contact or social engineering. The strategic objective demonstrated in the reported incident is financial gain, as the actor sold the stolen dataset on a hacker forum, thereby seeking profit from the commodification of the victims’ personal identifiers.

Regarding tactics, techniques, and procedures, the actor’s known activity involves the exfiltration of data from an online healthcare professional directory service and the subsequent distribution of that data via illicit marketplaces. No specific malware families, exploit kits, or intrusion tools are mentioned in the available sources, so the described TTPs are limited to data theft and resale. The initial access vector is not detailed in the reporting, but the outcome—a large‑scale collection of practitioner information—implies a successful breach of the directory service’s security controls.

The most notable publicly reported operation associated with @Ug_0Security occurred on April 11 2020, when the actor offered for sale the personal data of the aforementioned US doctors. This incident highlighted the potential for the stolen information to facilitate smishing campaigns, disinformation efforts, and targeted phishing against healthcare workers during the COVID‑19 pandemic. No further campaigns or affiliations have been documented in the provided material, and no state nexus or criminal consortium linkage has been established for this actor.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources