UNC3886

Actor Type Nation State
Attributed to Nation China

UNC3886 is an intrusion set tracked by researchers at Google's Mandiant. Although the group has not been formally attributed or identified as a specific 'APT', Mandiant describe the actor as 'a highly adept Chinese cyber espionage group'.

UNC3886 have been observed exploiting vulnerabilities in network devices (from Fortinet and Ivanti) as well as virtualization technology (including VMWare ESXi). The group utilises custom malware and is assessed as having the resources for extensive research and development against target technologies.

The group is reported as targeting defense, technology and telecomms sectors in the US and Asia Pacific regions.

Cyber Threat Graph Context

Explore how this Intrusion Set relates to the wider threat graph

UNC3886 Threat Reports

Report

Cloaked and Covert: Uncovering UNC3886 Espionage Operations

This article by researchers from Google's Mandiant outlines intrusion activity by UNC3886, a suspected China-nexus cyber espionage group. The ...

Report

Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021

This short post from Mandiant researchers details how UNC3886 were observed exploiting a zero-day vulnerability in VMWare tools for approximately ...

Report

Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation

This blog post by threat researchers at Mandiant outlines intrusions activity by the UNC3886 intrusion set which involved the deployment of ...

References

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use by this intrusion set.