Widely attributedUnknown

TEMP.Vermin

Russia-linked threat group targeting Ukrainian government entities using the Quasar RAT and custom malware. Associated with Ukrainian conflict targeting since at least 2018.

Compare attribution across sources →

Attribution signal

?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 Low

0.8

Low signal strength

Mentions1

Sources1

High conf.0

Last seenMay 2026

First observed

—

Last active

—

Origin

Russia

Aliases

Techniques

Campaigns

Russia

TargetsGovernmentMilitary

RegionsUkraine

Attribution signals

1 mention · 1 source

#1linkedmoderate

HUMINT

mandiant

May 2026

"TEMP.Vermin, an espionage actor whose activity Ukraine's Computer Emergency Response Team (CERT-UA) has linked to security agencies of the so-called Luhansk People's Republic (LPR, also rendered as LNR)"

Hedge terms observed

linked