UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying

The China-nexus cyber espionage actor linked to the zero-day exploitation of security weaknesses in Fortinet, Ivanti, and VMware devices has been observed using multiple persistence strategies to retain unrestricted access to compromised environments.

According to a recent analysis by Mandiant researchers, the persistence mechanisms spanned network devices, hypervisors, and virtual machines, ensuring that alternate channels remained accessible even if the primary layer was identified and removed.

The threat actor in question is UNC3886, which the Google-owned threat intelligence firm described as “sophisticated, cautious, and evasive.”

The adversary’s attacks have exploited zero-day vulnerabilities including CVE-2022-41328 (Fortinet FortiOS), CVE-2022-22948 (VMware vCenter), and CVE-2023-20867 (VMware Tools) to carry out a variety of malicious tasks, such as installing backdoors and harvesting credentials.
