Tag: unc3886

All articles tagged with #unc3886

Chinese Hackers Exploit VMware Zero-Day Flaw for 2 Years, Targeting Critical vCenter Vulnerabilities
cybersecurity · 2 years ago

A China-linked cyber espionage group, UNC3886, has been exploiting a critical zero-day vulnerability (CVE-2023-34048) in VMware vCenter Server since late 2021, allowing them to gain privileged access, deploy malware, and execute arbitrary commands. This group has a history of leveraging zero-day vulnerabilities and has also targeted Fortinet appliances. VMware vCenter Server users are advised to update to the latest version to mitigate potential threats, as the group continues to exploit vulnerabilities in virtualization and firewall technologies.

Chinese Hackers Exploit VMware ESXi Zero-Day for Espionage Operations
zero-day-network-security · 2 years ago

Chinese state-sponsored group UNC3886 has been exploiting a zero-day flaw in VMware ESXi hosts to backdoor Windows and Linux systems. The group has been described as a "highly adept" adversarial collective targeting defense, technology, and telecommunication organizations in the U.S., Japan, and the Asia-Pacific region. UNC3886 has been using Virtual Machine Communication Interface (VMCI) sockets for lateral movement and continued persistence, thereby allowing it to establish a covert channel between the ESXi host and its guest VMs. The group has also been observed harvesting credentials from vCenter servers and abusing CVE-2023-20867 to execute commands and transfer files to and from guest VMs from a compromised ESXi host.

Rising Sophistication of Chinese Hackers in Cyber Espionage Attacks
network-security-cyber-espionage · 2 years ago

Chinese hackers, identified as UNC3886, have exploited a zero-day vulnerability in the Fortinet FortiOS operating system to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim environments. The vulnerability, tracked as CVE-2022-41328, was patched by Fortinet on March 7, 2023. The attacks mounted by UNC3886 targeted Fortinet's FortiGate, FortiManager, and FortiAnalyzer appliances to deploy two different implants, THINCRUST and CASTLETAP. The group was previously tied to another intrusion set targeting VMware ESXi and Linux vCenter servers as part of a hyperjacking campaign designed to drop backdoors such as VIRTUALPITA and VIRTUALPIE.