Stealthy APT group plunders very specific corporate email accounts

An eminently sophisticated and stealthy APT group is going after specific corporate email accounts and has, on occasion, managed to remain undetected in victim environments for at least 18 months. Catalogued as UNC3524 by Mandiant, the threat actor is also extremely adept at regaining access to a victim environment when booted out, “re-compromising the environment with a variety of mechanisms, immediately restarting their data theft campaign.”

The APT and its route to corporate email

UNC3524 is mostly after emails and their contents, particularly those of employees who focus on corporate development, mergers and acquisitions, and large corporate transactions, as well as IT security staff (the latter, most likely, to determine if their operation had been detected).

Read full article on Help Net Security

 

