Hackers Utilize Linux Rootkits to Conceal Themselves on VMware ESXi Virtual Machines in UNC3886

In a recent cybersecurity threat, hackers identified as UNC3886 have been using Linux rootkits to conceal their presence on VMware ESXi virtual machines (VMs). This method allows the hackers to remain undetected while gaining unauthorized access to sensitive information. Rootkits are a type of malware that hides its presence within a system, making it difficult …

UNC3886 Chinese actors exploit VMware and Fortinet vulnerabilities for espionage purposes

In 2021, a cyber espionage actor known as UNC3886, suspected to be linked to China, was discovered targeting strategic organizations by exploiting vulnerabilities in FortiOS and VMware to install backdoors on compromised machines. This threat actor demonstrated a sophisticated and evasive nature by deploying multiple layers of organized persistence to maintain access to …

Hackers Employ Linux Rootkits to Conceal Themselves on VMware ESXi Virtual Machines in UNC3886

A Chinese threat actor known as UNC3886 has been using the open-source rootkits Reptile and Medusa to hide on VMware ESXi virtual machines while stealing credentials and executing commands. Mandiant has been tracking UNC3886’s activities against government organizations, including attacks exploiting zero-day vulnerabilities in Fortinet and VMware products. UNC3886 has recently targeted organizations in North …

UNC3886: Chinese Cyber Espionage Group Exploits Critical VMware Vulnerability

Chinese cyber espionage group UNC3886 has reportedly been exploiting a critical security vulnerability in VMware’s vCenter Server since late 2021. According to a report by cybersecurity firm Mandiant, this significant vulnerability, identified as CVE-2023-34048, was acknowledged and patched by VMware in October. The severity rating …

Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021 | Mandiant

While publicly reported and patched in October 2023, Mandiant and VMware Product Security have found that UNC3886, a highly advanced China-nexus espionage group, has been exploiting CVE-2023-34048 as far back as late 2021. These findings stem from Mandiant’s continued research into the novel attack paths used by UNC3886, which historically focuses on technologies that are unable to have …