Lucene search
K

19 matches found

The Hacker News
The Hacker News
added 2026/02/09 5:1 p.m.9 views

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign

The Cyber Security Agency CSA of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector. "UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore's telecommunications sector," CSA said. "All...

8.7AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2025/07/28 12:0 a.m.10 views

Revisiting UNC3886 Tactics to Defend Against Present Risk

We examine the past tactics used by UNC3886 to gain insight on how to best strengthen defenses against the ongoing and emerging threats of this APT group...

7.5AI score
Exploits0
HackRead
HackRead
added 2025/03/12 4:21 p.m.12 views

Chinese Cyber Espionage Group UNC3886 Backdoored Juniper Routers

UNC3886 hackers target Juniper routers with custom backdoor malware, exploiting outdated systems for stealthy access and espionage. Learn how to stay protected...

7.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/03/12 12:0 a.m.4 views

PT-2025-11046

Name of the Vulnerable Software and Affected Versions Juniper Junos OS versions prior to 21.2R3-S9 Juniper Junos OS versions 21.4 before 21.4R3-S10 Juniper Junos OS versions 22.2 before 22.2R3-S6 Juniper Junos OS versions 22.4 before 22.4R3-S6 Juniper Junos OS versions 23.2 before 23.2R2-S3 Junip...

6.7CVSS7.1AI score0.01657EPSS
Exploits0References65
The Hacker News
The Hacker News
added 2024/06/19 3:9 p.m.97 views

UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying

The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments. "Persistence mechanisms encompassed...

9.8CVSS8AI score0.99474EPSS
Exploits13
The Hacker News
The Hacker News
added 2024/04/05 7:15 a.m.67 views

Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws

Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. The clusters are being tracked by Mandiant under the uncategorized monikers UNC5221, UNC5266, UNC5291, UNC5325,...

9.1CVSS9.6AI score0.99999EPSS
Exploits24
The Hacker News
The Hacker News
added 2024/03/21 3:55 a.m.86 views

Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability

Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats. Tracked as CVE-2023-41724, the vulnerability carries a CVSS score of 9.6. "An unauthenticated threa...

7.6AI score0.12844EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/02/29 5:49 a.m.70 views

Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware

At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTE...

9.1CVSS8.4AI score0.99999EPSS
Exploits19
The Hacker News
The Hacker News
added 2024/01/20 10:23 a.m.104 views

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been attributed to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. "UNC3886 has a track record of utilizing...

9.8CVSS6.2AI score0.99428EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2023/10/24 12:0 a.m.3 views

PT-2023-6424

Name of the Vulnerable Software and Affected Versions VMware vCenter Server versions prior to October 2023 Description VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may...

10CVSS10AI score0.99428EPSS
Exploits1References170
The Hacker News
The Hacker News
added 2023/08/05 7:52 a.m.52 views

Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems

Threat actors are using an open-source rootkit called Reptile to target Linux systems in South Korea. "Unlike other rootkit malware that typically only provide concealment capabilities, Reptile goes a step further by offering a reverse shell, allowing threat actors to easily take control of...

6.7AI score
Exploits0
hivepro
hivepro
added 2023/06/20 6:45 a.m.26 views

Actors, Threats and Vulnerabilities 12 June to 18 June 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of seven attacks executed, taking advantage of twenty different vulnerabilities in...

2.3CVSS7AI score0.13638EPSS
Exploits0
hivepro
hivepro
added 2023/06/15 6:55 a.m.79 views

Chinese Espionage Hackers Exploit ESXi Zero-Day

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Chinese-sponsored hacking group, UNC3886, has been actively exploiting the CVE-2023-20867 vulnerability and using advanced backdoors such as VirtualPita and VirtualPie to carry out malicious activiti...

2.3CVSS6.8AI score0.13638EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/06/14 4:46 p.m.4 views

Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems

The Chinese state-sponsored group known as UNC3886 has been found to exploit a zero-day flaw in VMware ESXi hosts to backdoor Windows and Linux systems. The VMware Tools authentication bypass vulnerability, tracked as CVE-2023-20867 CVSS score: 3.9, "enabled the execution of privileged commands...

9.8CVSS8AI score0.98281EPSS
Exploits7
The Hacker News
The Hacker News
added 2023/06/14 4:46 p.m.56 views

Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems

The Chinese state-sponsored group known as UNC3886 has been found to exploit a zero-day flaw in VMware ESXi hosts to backdoor Windows and Linux systems. The VMware Tools authentication bypass vulnerability, tracked as CVE-2023-20867 CVSS score: 3.9, "enabled the execution of privileged commands...

8AI score0.98281EPSS
Exploits7
Positive Technologies
Positive Technologies
added 2023/06/13 12:0 a.m.7 views

PT-2023-3080 · Vmware +10 · Vmware Tools +13

Name of the Vulnerable Software and Affected Versions: VMware Tools versions prior to 12.2.5 VMware vCenter affected versions not specified Description: A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integri...

7.5CVSS6.8AI score0.13638EPSS
Exploits1References139
hivepro
hivepro
added 2023/03/22 8:56 a.m.39 views

UNC3886 targets technologies with custom malware and exploits zero-day vulnerabilities

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary UNC3886 is a cyber espionage Chinese group that targets technologies without EDR solutions and exploits zero-day vulnerabilities to steal user credentials and maintain access. To receive real-time threat...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/18 11:30 a.m.150 views

Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack

The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. American cybersecurity company Mandiant, which made the attribution, said the activity cluster is part of a broader campaign...

7.1CVSS7.7AI score0.12316EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/03/18 11:30 a.m.4 views

Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack

The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. American cybersecurity company Mandiant, which made the attribution, said the activity cluster is part of a broader campaign...

7.1CVSS7.6AI score0.12316EPSS
Exploits0
Rows per page
Query Builder