Group exploits IoT vulnerabilities and legitimate Windows functions to snoop on emails and servers, say researchers.
A previously undisclosed cyber-espionage group is using clever techniques to breach corporate networks and steal information related to mergers, acquisitions and other large financial transactions – and they've been able to remain undetected by victims for periods of more than 18 months.
Detailed by
cybersecurity researchers at Mandiant, who've named it UNC3524, the hacking operation has been active since at least December 2019 and uses a range of advanced methods to infiltrate and maintain persistence on compromised networks that set it apart from most other hacking groups. These methods include the ability to immediately re-infect environments after access is removed. It's currently unknown how initial access is achieved.
One of the reasons UNC3524 is so successful at maintaining persistence on networks for such a long time is because it installs backdoors on applications and services that don't support security tools, such as anti-virus or endpoint protection.