"UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying"

The cyber espionage actor "UNC3886," linked to the zero-day exploitation of Fortinet, Ivanti, and VMware security flaws, uses multiple persistence mechanisms to maintain access to compromised environments. According to Mandiant researchers, the persistence mechanisms involved network devices, hypervisors, and virtual machines (VMs). The adversary has exploited zero-day flaws impacting Fortinet FortiOS, VMware vCenter, and VMware Tools to deploy backdoors, steal credentials, and more. This article continues to discuss findings regarding UNC3886 espionage operations.

THN reports "UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying"

Submitted by grigby1
