UAT-9221
UAT-9221 is a threat actor designation used by Cisco Talos for a newly discovered actor. Talos reports that UAT-9221 has leveraged the VoidLink framework in its campaigns. Talos assesses the actor’s activity may date back to 2019, including activity that predates its observed use of VoidLink. No additional details on targeting, victimology, tooling beyond VoidLink, or specific TTPs are provided in the available content. Known alias: UAT-9221.
Associated malware families
1 malware family attributed to this actor across reporting.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Newly reported activity cluster observed by Cisco Talos leveraging the VoidLink framework in campaigns; assessed activity potentially dating back to 2019 (including possible operations prior to adopting VoidLink).
Newly identified activity cluster observed by Cisco Talos conducting campaigns leveraging VoidLink; activity possibly dating back to 2019 (including operations predating use of VoidLink).