UNG0002 (Unknown Group 0002): Espionage Campaigns Uncovered
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
UNG0002, an espionage-focused threat group, has been conducting campaigns across Asian jurisdictions including China, Hong Kong, and Pakistan. The group employs sophisticated multi-stage attacks using LNK files, VBScript, and custom RAT implants. Their operations span two major campaigns: Operation Cobalt Whisper and Operation AmberMist, targeting various sectors such as defense, aviation, gaming, and academia. UNG0002 utilizes social engineering techniques like ClickFix and abuses DLL sideloading to evade detection. The group demonstrates high adaptability, evolving from using Cobalt Strike to developing custom implants like Shadow RAT and INET RAT. Attribution challenges persist, but the group is assessed to originate from South-East Asia with a focus on espionage activities.
OPENCTI LABELS:
social engineering, dll sideloading, clickfix, custom malware, rat implants, blister dll implant, inet rat, multi-stage attacks, shadow rat