Uncovering Espionage Operations
Essential information
- Published
- 24/06/2024 07:58
- Modified
- 24/06/2024 08:23
- Tags
- 2024-06-24 CVE-2022-22948 CVE-2022-41328 CVE-2022-42475 CVE-2023-20867 CVE-2023-34048 espionage rootkit supply-chain virtualsphere zero-day
- Related entities
- 5 vulnerabilities (cve), 39 observables, 1 intrusion sets (apt), 14 techniques (mitre), 7 malware
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (5)
VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail …
- Attack vector
- Local
- Published
- 23/06/2023
- Modified
- 21/12/2025
Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI …
- Attack vector
- Local
- Published
- 14/03/2023
- Modified
- 21/12/2025
VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information.
- Published
- 17/07/2024
- Modified
- 21/12/2025
VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote …
- Attack vector
- Network
- Published
- 22/01/2024
- Modified
- 21/12/2025
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary …
- Attack vector
- Network
- Published
- 13/12/2022
- Modified
- 20/12/2025
Observables (39)
-
number.rs -
cron.data -
1893523f2a4d4e7905f1b688c5a81b069f06b3c3d8c0ff9d16620468d117edbb
Intrusion sets (APT) (1)
-
The MITRE Corporation Confidence 100
[UNC3886](https://attack.mitre.org/groups/G1048) is a China-nexus cyberespionage group that has been active since at least 2022, targeting defense, technology, and telecommunication organizations located in the United States and the Asia-Pacific-Japan…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Techniques (MITRE) (14)
Malware (7)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Family The MITRE Corporation Confidence 100
[VIRTUALPIE](https://attack.mitre.org/software/S1218) is a lightweight backdoor written in Python that spawns an IPv6 listener on a VMware ESXi server and features command line execution, file transfer, and reverse shell…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Family The MITRE Corporation Confidence 100
[RIFLESPINE](https://attack.mitre.org/software/S1222) is a cross-platform backdoor that leverages Google Drive for file transfer and command execution.(Citation: Google Cloud Mandiant UNC3886 2024)
First seen 01/01/1970 · Last seen 16/11/5138 · -
Family The MITRE Corporation Confidence 100
[MOPSLED](https://attack.mitre.org/software/S1221) is a shellcode-based modular backdoor that has been used by China-nexus cyber espionage actors including [UNC3886](https://attack.mitre.org/groups/G1048) and [APT41](https://attack.mitre.org/groups/G0096).(Citation: Google Cloud Mandiant UNC3886 2024)
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[MEDUSA](https://attack.mitre.org/software/S1220) is an open-source rootkit that is capable of dynamic linker hijacking, command execution, and logging credentials.(Citation: Google Cloud Mandiant UNC3886 2024)
First seen 01/01/1970 · Last seen 16/11/5138 · -
Family The MITRE Corporation Confidence 100
[REPTILE](https://attack.mitre.org/software/S1219) is an open-source Linux rootkit with multiple components that provides backdoor access and functionality.(Citation: Google Cloud Mandiant UNC3886 2024)
First seen 01/01/1970 · Last seen 16/11/5138 ·