Unc3886

Threat Actor updated 3 months ago (2024-08-14T09:22:57.768Z)

Download STIX

Preview STIX

UNC3886 is a threat actor, believed to be linked to China, that has been active in cyberespionage activities. The group has been exploiting a zero-day vulnerability in VMware's vCenter Server, identified as CVE-2023-34048, since at least late 2021. This advanced persistent threat (APT) group's actions have demonstrated a high level of targeting and evasiveness, leading experts to attribute their activities to cyberespionage. In June 2023, Mandiant researchers observed UNC3886 exploiting another zero-day vulnerability in VMware ESXi, tracked as CVE-2023-20867. This suggests a pattern of exploiting critical vulnerabilities within VMware products, underlining the group's sophisticated capabilities and strategic focus on these widely used enterprise systems. The ongoing activities of UNC3886 pose a significant threat to organizations utilizing vulnerable VMware products. These exploits can provide unauthorized access to sensitive data and systems, enabling further malicious activities such as data theft or system disruption. Given the group's apparent link to China and its focus on exploiting zero-day vulnerabilities, it is crucial for organizations to prioritize patching and updating their VMware software to mitigate this risk.

Description last updated: 2024-08-14T08:53:32.367Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Zero Day

Vulnerability

Mandiant

Exploit

Vmware

Esxi

Malware

State Sponso...

Windows

Fortigate

Apt

Fortios

Vcenter

Espionage

Exploits

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2023-34048 Vulnerability is associated with Unc3886. CVE-2023-34048 is a critical out-of-bounds write vulnerability discovered in VMware's vCenter Server, a widely used server management software. This flaw in software design or implementation poses a high risk of exploitation and has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of	Unspecified	3
The CVE-2022-41328 Vulnerability is associated with Unc3886. CVE-2022-41328 is a significant software vulnerability discovered in Fortinet's FortiOS. It was heavily targeted by China-nexus intrusion sets, particularly UNC3886, who exploited the vulnerability to deploy custom malware families on Fortinet and VMware systems. This exploitation occurred in Septem	Unspecified	2
The CVE-2023-20867 Vulnerability is associated with Unc3886. CVE-2023-20867 is a critical vulnerability in VMware Tools, first revealed by Mandiant researchers in June 2023. This flaw in software design or implementation was exploited by the threat group UNC3886, allowing it to gain privileged access to Windows, Linux, and PhotonOS guest virtual machines with	Unspecified	2

Source Document References

Information about the Unc3886 Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	3 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs	4 months ago	security-affairs-malware-newsletter-round-5
Securityaffairs	10 months ago	CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 2
Securityaffairs	5 months ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	5 months ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Checkpoint	5 months ago	24th June – Threat Intelligence Report - Check Point Research
Securityaffairs	5 months ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity	5 months ago	Chinese Hackers Used Open-Source Rootkits for Espionage
Securityaffairs	5 months ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity	7 months ago	State Hackers' New Frontier: Network Edge Devices
Securityaffairs	7 months ago	Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	8 months ago	Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs	8 months ago	Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs	8 months ago	Security Affairs newsletter Round 464 by Pierluigi Paganini