Russian espionage mission to subvert Ukrainian conscription uncovered by Google TAG

Google’s Threat Analysis Group (TAG), alongside Mandiant, has released findings on what it suspects is a Russian espionage and influence campaign designed to demotivate Ukrainian soldiers and infect devices with malware. The group has been…

Article Source: https://www.techradar.com/pro/russian-espionage-mission-to-subvert-ukrainian-conscription-uncovered-by-google-tag

New espionage campaign, ArcaneDoor, discovered targeting perimeter network devices

The ArcaneDoor campaign is an example of state-sponsored actors targeting perimeter network devices from various vendors, focusing on espionage. These devices serve as a critical entry point into networks and need regular patching, updated hardware, and close monitoring for security. Identified as UAT4356 by Cisco’s Talos team, the actor utilized backdoors called “Line Runner” and …

UNC3886 Chinese actors exploit VMware and Fortinet vulnerabilities for espionage purposes

In the year 2021, a cyber espionage actor known as UNC3886, suspected to be linked to China, was discovered targeting strategic organizations by exploiting vulnerabilities in FortiOS and VMware to install backdoors on compromised machines. This threat actor demonstrated a sophisticated and evasive nature by deploying multiple layers of organized persistence to maintain access to …

Chinese cyber espionage group leveraging zero-day attacks on Fortinet and VMware

A recent report by Mandiant has revealed that a China-linked cyber espionage actor known as UNC3886 has been exploiting zero-day vulnerabilities in Fortinet, Ivanti, and VMware devices. This threat actor has been using multiple persistence mechanisms to maintain access to compromised environments, including network devices, hypervisors, and virtual machines. The attacks orchestrated by UNC3886 have …

Report warns Google and Meta about the risk of Chinese espionage targeting undersea internet cables

US national security officials have reportedly issued warnings to tech companies like Google and Meta about the potential risk of Chinese-controlled repair ships tampering with undersea Internet cables. Specifically, concerns have been raised about undersea fiber optic cables in the Pacific Ocean, some of which are owned by big tech companies and used for data …

UNC3886: Chinese Cyber Espionage Group Exploits Critical VMware Vulnerability

Chinese cyber espionage group UNC3886 has reportedly been exploiting a critical security vulnerability in VMware’s vCenter Server since late 2021. As per the report furnished by cybersecurity firm Mandiant, this significant vulnerability, identified as CVE-2023-34048, was acknowledged and patched by VMware in October. The severity rating …

Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021 | Mandiant

While publicly reported and patched in October 2023, Mandiant and VMware Product Security have found UNC3886, a highly advanced China-nexus espionage group, has been exploiting CVE-2023-34048 as far back as late 2021. These findings stem from Mandiant’s continued research of the novel attack paths used by UNC3886, which historically focuses on technologies that are unable to have …