Cyber Threat Actor: UNC2546
| Actor Type | Location | Known Incidents |
Criminal
|
—
|
0 incidents |
|---|
Profile
UNC2546 is a threat actor observed operating on Russian-language hacker forums, offering unauthorized access to sensitive US-based systems for financial gain. This actor advertised access to a military satellite operated by Maxar Technologies, a Colorado-based space technology company specializing in communication and Earth observation satellites, for $15,000. The listing claimed potential visibility into US military and strategic positioning, though the authenticity remained unverified. Concurrently, UNC2546 offered access to AT&T corporate email accounts for $7,000, explicitly noting the compromise included disabled two-factor authentication (2FA) protections. Both listings utilized Escrow services to facilitate transactions, suggesting an attempt to establish credibility for the sales.
The actor’s targeting focuses on US critical infrastructure sectors, specifically space technology and telecommunications, with objectives centered on monetizing system access. UNC2546’s tradecraft includes disabling security measures like 2FA to maintain persistent access to compromised accounts. The satellite and email access sales represent the actor’s primary publicly reported operations, aligning with broader trends of Russian forum activity involving US military and corporate assets. No explicit state affiliations or collaborative ties were disclosed in the reported incidents. Maxar Technologies and AT&T were urged to investigate potential breaches, underscoring the operational security risks posed by such access sales to national security and corporate integrity.
