The DaVinci Group
| Actor Type | Commercial Provider |
|---|---|
| Attributed to Nation | Russia |
| Associated Intrusion Sets | UAC-0050 |
According to public reporting, The DaVinci Group is the real-world threat actor behind the UAC-0050 intrusion set. The DaVinci Group is identified as a Russian-speaking mercenary organization linked to Russian law enforcement. It has been active since at least 2017 and has targeted Ukrainian organizations with malspam campaigns since the Russian invasion of Ukraine in 2022. CERT-UA has attributed at least 15 malspam campaigns to the group, suggesting it acts as an initial access broker for more serious threat groups.
The group employs low-effort but effective tactics, using off-the-shelf crimeware and legitimate RMM (remote monitoring and management) tools. Notably, it has low operational security, advertising its services on social media and cybercrime forums. Its services range from hacking accounts to accessing CCTV cameras, often paid for in Bitcoin.