
A Stealthy New Espionage Group is Targeting Corporate Mergers and Acquisitions (techcrunch.com) 6

A new espionage actor is breaching corporate networks to steal emails from employees involved in big financial transactions like mergers and acquisitions. From a report: Mandiant, which first discovered the advanced persistent threat (APT) group in December 2019 and now tracks it as "UNC3524," says that while the group's corporate targets hint at financial motivation, its longer-than-average dwell time in a victim's environment suggests an intelligence gathering mandate. In some cases, UNC3524 remained undetected in victims' environments for as long as 18 months, versus an average dwell time of 21 days in 2021.

Mandiant credits the group's success at achieving such a long dwell time to its unique approach to its use of a novel backdoor -- tracked as "QuietExit" -- on network appliances that do not support antivirus or endpoint detection, such as storage arrays, load balancers and wireless access point controllers. The QuietExit backdoor's command-and-control servers are part of a botnet built by compromising D-Link and LifeSize conference room camera systems, according to Mandiant, which said the compromised devices were likely breached due to the use of default credentials, rather than an exploit.

  • Please be sure to use your power for good, fun, and profit.
    • Comment removed based on user account deletion
    • by EvilSS ( 557649 )
      Profit for sure. I have to think anyone targeting M&A is looking for insider info to use in the stock market. Tricky to hide though, especially when the intrusions are uncovered and timelines can be mapped. Pretty hard to anon-buy stocks. Guess you could sell the info to others, using crypto and being careful how you communicate would make it harder to find you, if not your customers.
  • by PPH ( 736903 ) on Tuesday May 03, 2022 @01:35PM (#62500006)

    ... are involved in serious M&A activity, you should already be prepared to be a target of espionage. And you are still not using end to end encryption? You fail.

    Never mind the Russians, half of our own Congress makes its millions by insider trading. And then there's your own BOFH admin that always seems to time the market right and drives a new Ferrari every year.

  • advanced persistent threat (APT) group in December 2019 and now tracks it as "UNC3524

    Nothing like the overuse of acronyms and cryptic codes everywhere to look serious and sell your business.

    More prosaically, what they have here is script kiddies who exploited default passwords and kept coming back for stuff to exploit (and also, the victim's IT team who isn't really on the case, enabling this to happen in the first place).

    In other words, beyond the snazzy Bond-esque parlance, more of the depressing same.
