A Stealthy New Espionage Group is Targeting Corporate Mergers and Acquisitions (techcrunch.com)
A new espionage actor is breaching corporate networks to steal emails from employees involved in big financial transactions like mergers and acquisitions. From a report: Mandiant researchers, who first discovered the advanced persistent threat (APT) group in December 2019 and now track it as "UNC3524," say that while the group's corporate targets hint at financial motivation, its longer-than-average dwell time in a victim's environment suggests an intelligence-gathering mandate. In some cases, UNC3524 remained undetected in victims' environments for as long as 18 months, versus an average dwell time of 21 days in 2021.
Mandiant credits the group's success at achieving such a long dwell time to its unusual approach: deploying a novel backdoor -- tracked as "QuietExit" -- on network appliances that do not support antivirus or endpoint detection, such as storage arrays, load balancers and wireless access point controllers. The QuietExit backdoor's command-and-control servers are part of a botnet built by compromising D-Link and LifeSize conference room camera systems, according to Mandiant, which said the compromised devices were likely breached through the use of default credentials rather than an exploit.
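Because the appliances named above cannot run an endpoint agent, the practical detection surface is the network: an appliance that should only ever talk to internal management hosts and a vendor update service has no business holding sessions to arbitrary external addresses. The script below is an added illustration of that check and is not code from Mandiant or TechCrunch; the appliance inventory, the egress allowlist, the flow-record format and the sample records are all constructed for the example.

```python
"""Flag outbound connections from agentless network appliances (storage
arrays, load balancers, WLAN controllers) that go to destinations outside
an expected-egress allowlist, plus unusually long-lived sessions.
Added illustration; inventory, allowlist and flow records are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed inventory: appliances that cannot run AV/EDR, keyed by IP.
APPLIANCE_INVENTORY = {
    "10.0.5.10": "storage-array-01",
    "10.0.5.20": "load-balancer-01",
    "10.0.5.30": "wlan-controller-01",
}

# Constructed allowlist of destinations these appliances are expected to reach
# (internal management/syslog/NTP, and a vendor update range). Anything else
# from an appliance is worth a look.
EXPECTED_EGRESS = [
    ip_network("10.0.0.0/8"),       # internal management, syslog, NTP
    ip_network("203.0.113.0/24"),   # documentation range standing in for a vendor CDN
]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    bytes_out: int
    duration_s: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow record: 'src dst dport bytes_out duration_s'."""
    src, dst, dport, bytes_out, duration = line.split()
    return Flow(src, dst, int(dport), int(bytes_out), int(duration))


def is_expected(dst: str) -> bool:
    """True if the destination falls inside the expected-egress allowlist."""
    addr = ip_address(dst)
    return any(addr in net for net in EXPECTED_EGRESS)


def suspicious_appliance_egress(lines, min_duration_s=3600):
    """Return (appliance_name, flow, reason) triples for flows from an
    inventoried appliance that either leave the allowlist or, even inside it,
    stay open longer than min_duration_s (a backdoor holding a channel)."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        flow = parse_flow(line)
        name = APPLIANCE_INVENTORY.get(flow.src)
        if name is None:
            continue  # not an agentless appliance; other controls cover it
        if not is_expected(flow.dst):
            findings.append((name, flow, "unexpected destination"))
        elif flow.duration_s >= min_duration_s:
            findings.append((name, flow, "long-lived session"))
    return findings


# Constructed sample records: src dst dport bytes_out duration_s
SAMPLE_FLOWS = """
10.0.5.10 10.0.1.5 514 2048 5
10.0.5.20 203.0.113.7 443 10240 30
10.0.5.30 198.51.100.23 443 5120 7200
10.0.9.99 198.51.100.23 443 5120 7200
10.0.5.10 10.0.1.5 22 900000 90000
""".strip().splitlines()

if __name__ == "__main__":
    for name, flow, reason in suspicious_appliance_egress(SAMPLE_FLOWS):
        print(f"{name}: {flow.src} -> {flow.dst}:{flow.dport} "
              f"({reason}, {flow.duration_s}s, {flow.bytes_out} bytes)")
```

On the constructed sample this reports the WLAN controller reaching an address outside the allowlist and the storage array holding a 25-hour SSH session to an internal host; the workstation at 10.0.9.99 is skipped because it is not in the appliance inventory. The allowlist is deliberately tight: for devices of this class, enumerating the handful of legitimate destinations is feasible, which is what makes network-side monitoring a workable substitute for the endpoint agent they cannot run.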
Robin Hood (Score:2)
Re: (Score:2)
Re: (Score:2)
They left fun behind a long time ago and good before that.
Re: (Score:2)
If you ... (Score:3)
Never mind the Russians, half of our own Congress makes its millions by insider trading. And then there's your own BOFH admin that always seems to time the market right and drives a new Ferrari every year.
Acronyms (Score:2)
advanced persistent threat (APT) group in December 2019 and now tracks it as "UNC3524
Nothing like the overuse of acronyms and cryptic codes everywhere to look serious and sell your business.
More prosaically, what they have here is script kiddies who exploited default passwords and kept coming back for stuff to exploit (and also, the victim's IT team who isn't really on the case, enabling this to happen in the first place).
In other words, beyond the snazzy Bond-esque parlance, more of the depressing same.