ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > UNC3524

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: UNC3524

NamesUNC3524 (Mandiant)
Cranefly (Symantec)
CountryRussia Russia
MotivationInformation theft and espionage
First seen2019
Description(Mandiant) In this blog post, we introduce UNC3524, a newly discovered suspected espionage threat actor that, to date, heavily targets the emails of employees that focus on corporate development, mergers and acquisitions, and large corporate transactions. On the surface, their targeting of individuals involved in corporate transactions suggests a financial motivation; however, their ability to remain undetected for an order of magnitude longer than the average dwell time of 21 days in 2021, as reported in M-Trends 2022, suggests an espionage mandate.
Observed
Tools usedDanfuan, Geppei, reGeorg, QUIETEXIT.
Information<https://www.mandiant.com/resources/unc3524-eye-spy-email>

Last change to this card: 18 November 2022

Download this actor card in PDF or JSON format

Previous: UNC2891
Next: UNC4191

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]