This sneaky hacking group hid inside networks for 18 months without being detected


Level 37
Thread author
Top poster
Feb 4, 2016
Group exploits IoT vulnerabilities and legitimate Windows functions to snoop on emails and servers, say researchers.

A previously undisclosed cyber-espionage group is using clever techniques to breach corporate networks and steal information related to mergers, acquisitions and other large financial transactions – and they've been able to remain undetected by victims for periods of more than 18 months.

Detailed by cybersecurity researchers at Mandiant, who've named it UNC3524, the hacking operation has been active since at least December 2019 and uses a range of advanced methods to infiltrate and maintain persistence on compromised networks that set it apart from most other hacking groups. These methods include the ability to immediately re-infect environments after access is removed. It's currently unknown how initial access is achieved.

One of the reasons UNC3524 is so successful at maintaining persistence on networks for such a long time is because it installs backdoors on applications and services that don't support security tools, such as anti-virus or endpoint protection.


Staff member
Malware Hunter
Jul 27, 2015
Which corporation did they hack? This sounds interesting.
Good question, but I couldn't find any specific named corporations, other than which services were abused. That's pretty common in these types of reports, because the victims are often clients or customers of these security companies.

I do recommend trying to read the whole report. The part about the hacked security cameras and how they were used was interesting.