UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors

Summary

A newly discovered threat actor, UAT-9921, is using a modular malware framework called VoidLink to target the technology and financial services sectors. The threat actor has been active since 2019, though it is unknown whether it has used VoidLink for that entire period.

IFF Assessment

FOE

A new threat actor deploying a new malware framework adds to the set of threats defenders must account for.

Severity

8.8 High (AI Estimated)

Defender Context

Defenders should be aware of UAT-9921's tactics, techniques, and procedures (TTPs) and the capabilities of the VoidLink malware. Modular malware frameworks allow attackers to adapt their attacks quickly, so monitoring for unusual network activity and endpoint behavior is critical. The targeting of technology and financial sectors suggests a desire for intellectual property or financial gain.
