ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

APT group: UNC2891

Names: UNC2891 (Mandiant)
Country: [Unknown]
Motivation: Financial gain
First seen: 2020
Description: (Mandiant) The Mandiant Advanced Practices team previously published a threat research blog post that provided an overview of UNC1945 (LightBasin) operations where the actor compromised managed services providers to gain access to targets in the financial and professional consulting industries.

Since that time, Mandiant has investigated and attributed several intrusions to a threat cluster we believe has a nexus to this actor, currently being tracked as UNC2891. Through these investigations, Mandiant has discovered additional techniques, malware, and utilities being used by UNC2891 alongside those previously observed in use by UNC1945. Despite having identified significant overlaps between these threat clusters, Mandiant has not determined they are attributable to the same actor.
Observed: Sectors: Financial.
Tools used: BINBASH, CAKETAP, MIGLOGCLEANER, SLAPSTICK, STEELCORGI, STEELHOUND, SUN4ME, Tiny SHell, WINGCRACK, WINGHOOK, WIPERIGHT.
Information: <https://www.mandiant.com/resources/unc2891-overview>

Last change to this card: 03 April 2022
