Uncovering Espionage Operations
Essential information
- Published
- 24/06/2024 07:58
- Modified
- 24/06/2024 08:23
- Tags
- 2024-06-24 CVE-2022-22948 CVE-2022-41328 CVE-2022-42475 CVE-2023-20867 CVE-2023-34048 espionage rootkit supply-chain virtualsphere zero-day
- Related entities
- 5 vulnerabilities (cve), 39 observables, 1 intrusion set (apt), 14 techniques (mitre), 7 malware
Description
This comprehensive analysis examines the tactics employed by a suspected China-nexus cyber espionage actor, UNC3886. The report details the group's exploitation of zero-day vulnerabilities and its deployment of rootkits such as REPTILE and MEDUSA for persistent system access. It covers the group's use of malware that leverages trusted third-party services for command and control, as well as its credential-theft techniques, including backdoored applications and the targeting of TACACS+ authentication servers. The group's operations spanned strategic organizations worldwide across diverse sectors, underscoring its advanced capabilities and its cautious, evasive approach.