UNC3886
Actor Type | Nation State |
---|---|
Attributed to Nation | China |
UNC3886 is an intrusion set tracked by researchers at Google's Mandiant. Although the group has not been formally attributed or identified as a specific 'APT', Mandiant describe the actor as 'a highly adept Chinese cyber espionage group'.
UNC3886 have been observed exploiting vulnerabilities in network devices (from Fortinet and Ivanti) as well as virtualization technology (including VMWare ESXi). The group utilises custom malware and is assessed as having the resources for extensive research and development against target technologies.
The group is reported as targeting defense, technology and telecomms sectors in the US and Asia Pacific regions.
Cyber Threat Graph Context
Explore how this Intrusion Set relates to the wider threat graph
UNC3886 Threat Reports
Cloaked and Covert: Uncovering UNC3886 Espionage Operations
This article by researchers from Google's Mandiant outlines intrusion activity by UNC3886, a suspected China-nexus cyber espionage group. The ...
Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021
This short post from Mandiant researchers details how UNC3886 were observed exploiting a zero-day vulnerability in VMWare tools for approximately ...
Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation
This blog post by threat researchers at Mandiant outlines intrusions activity by the UNC3886 intrusion set which involved the deployment of ...
References
cloud.google.com
https://cloud.google.com/blog/topics/threat-intelligence/vmware-esxi-zero-day-bypasscloud.google.com
https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operationswww.mandiant.com
https://www.mandiant.com/resources/blog/investigating-ivanti-exploitation-persistencewww.mandiant.com
https://www.mandiant.com/resources/blog/chinese-vmware-exploitation-since-2021cloud.google.com
https://cloud.google.com/blog/topics/threat-intelligence/esxi-hypervisors-malware-persistencewww.mandiant.com
https://www.mandiant.com/resources/blog/fortinet-malware-ecosystemMITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use by this intrusion set.