Threat Actor

Description

UNC3886 is a suspected China-nexus cyber espionage group known for its sophisticated and stealthy operations. The group has been observed targeting various sectors such as defense, government, telecommunication, and technology organizations in Africa, Asia, Europe, North America, and Oceania. The group often exploits vulnerabilities, and use stole credentials to gain initial access and maintain long-term persistence within compromised networks.

Aliases

N/A

Common Vulnerabilities and Exposures

Targeted Industries

Aerospace
Defense
Energy and Utilities
Government
Technology
Telecommunication

Objectives

Cyber Espionage

Known Tools Used

BusyBox
GhostTown
LOOKOVER
Medusa
PITHOOK
SeaElf
Reptile
TABLEFLIP
TinyShell
VIRTUALPIE
VIRTUALPITA
VIRTUALGATE
VIRTUALPEER
VIRTUALSHINE
VIRTUALSPHERE

Known Infection Vectors

Exploiting Known vulnerabilities

References

UNC3886 (Malpedia)

https://malpedia.caad.fkie.fraunhofer.de/actor/unc3886

A Deep Dive into Cyber Threats surrounding U.S. Election 2024 (Fortinet)

https://www.fortinet.com/content/dam/fortinet/assets/intelligence-reports/FortiGuard-Labs-2024-US-Election-Security-Report.pdf

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

UNC3886

Description

Aliases

Common Vulnerabilities and Exposures

Targeted Industries

Objectives

Known Tools Used

Known Infection Vectors

References

Active CVEs

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Threat Actor

UNC3886

Description

Aliases

Common Vulnerabilities and Exposures

Targeted Industries

Objectives

Known Tools Used

Known Infection Vectors

References

Active CVEs

Threat Intelligence
Center