This sneaky hacking group hid inside networks for 18 months without being detected

LASER_oneXM

Group exploits IoT vulnerabilities and legitimate Windows functions to snoop on emails and servers, say researchers.

A previously undisclosed cyber-espionage group is using clever techniques to breach corporate networks and steal information related to mergers, acquisitions and other large financial transactions – and they've been able to remain undetected by victims for periods of more than 18 months.

Detailed by cybersecurity researchers at Mandiant, who've named it UNC3524, the hacking operation has been active since at least December 2019 and uses a range of advanced methods to infiltrate and maintain persistence on compromised networks that set it apart from most other hacking groups. These methods include the ability to immediately re-infect environments after access is removed. It's currently unknown how initial access is achieved.

One of the reasons UNC3524 is so successful at maintaining persistence on networks for such a long time is that it installs backdoors on applications and services that don't support security tools, such as anti-virus or endpoint protection.
 

upnorth

Which corporation did they hack? This sounds interesting.

Good question, but I couldn't find any specific named corporations, other than which services were abused. It's pretty common in these types of reports, because the victims are often clients or customers of these security companies.

I do recommend trying to read the whole report. The part about the hacked security cameras and how they were used was interesting.