UNC3886

OriginChina

Techniques (MITRE ATT&CK)49

SourceMITRE ATT&CK

Vexday analysis

UNC3886 é um grupo de ciberespionagem de origem chinesa, ativo pelo menos desde 2022, que tem como alvos organizações dos setores de defesa, tecnologia e telecomunicações nos Estados Unidos e na região da Ásia-Pacífico. O grupo demonstra profundo conhecimento de dispositivos de borda e tecnologias de virtualização, explorando vulnerabilidades zero-day e empregando famílias de malware e utilitários inéditos. Catalogado no MITRE ATT&CK como G1048, tem 49 técnicas documentadas e 8 CVEs atribuídas à sua atuação.

Techniques (MITRE ATT&CK) 49

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Reconnaissance

Search Threat Vendor Data

Resource development

Malware Exploits Malware Digital Certificates

Initial access

Exploit Public-Facing Application

Execution

PowerShell Windows Command Shell Unix Shell Python Hypervisor CLI Exploitation for Client Execution ESXi Administration Command

Persistence

Boot or Logon Initialization Scripts RC Scripts vSphere Installation Bundles Compromise Host Software Binary

Privilege escalation

Exploitation for Privilege Escalation Abuse Elevation Control Mechanism

Credential access

LSASS Memory Network Sniffing Exploitation for Credential Access Password Managers

Discovery

Process Discovery File and Directory Discovery System Time Discovery Virtual Machine Discovery

Lateral movement

SSH Lateral Tool Transfer

Collection

Local Data Staging Archive via Utility Archive via Custom Method

Command and control

Fallback Channels Non-Application Layer Protocol

defense-impairment

Disable or Modify Tools Disable or Modify System Firewall Prevent Command History Logging

stealth

Rootkit Indicator Removal from Tools Masquerade Task or Service File Deletion Timestomp Clear Network Connection History and Configurations Valid Accounts Default Accounts Traffic Signaling Port Knocking Rundll32 Ignore Process Interrupts

Exploited vulnerabilities 8

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2014-7169CRITICALEPSS 100%KEV CVE-2022-42475CRITICALEPSS 99%KEV CVE-2023-34048CRITICALEPSS 99%KEV CVE-2022-22948MEDIUMEPSS 14%KEV CVE-2023-20867LOWEPSS 14%KEV CVE-2022-41328MEDIUMEPSS 12%KEV CVE-2016-6662EPSS 68%CVE-2019-3610MEDIUMEPSS 0%

UNC3886 uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →