APT / THREAT GROUP

UNC6032

🇻🇳Vietnam-attributed
1
campaigns
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

UNC6032 is a threat actor that weaponizes interest in AI tools, specifically targeting users with fake "AI video generator" websites to distribute malware, including Python-based infostealers and backdoors. Victims are typically directed to these sites through malicious social media ads that impersonate legitimate tools. Compromises have led to the exfiltration of sensitive data, including login credentials and credit card information, via the Telegram API. Google Threat Intelligence Group assesses UNC6032 to have a Vietnam nexus.

Threat Analysis

UNC6032 is a known-sophistication threat actor attributed to Vietnam, engaged in cyber operations with a primary motivation of unknown activity patterns.

Known Campaigns

UNC6032 — Active Operations March 2026

UNC6032 is a unknown-motivation threat actor attributed to VN. UNC6032 is a threat actor that weaponizes interest in AI tools, specifically targeting users with fake "AI video generator" websites to distribute malware, including Python-based infostealers and backdoors. Victims are typically directed to these sites through malicious social me...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Origin🇻🇳 Vietnam
Aliases1
SourceMalpedia

Also Known As

UNC6032

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.