Names | UNC3524 (Mandiant), Cranefly (Symantec) | |
Country | | |
Motivation | Information theft and espionage | |
First seen | 2019 | |
Description | (Mandiant) In this blog post, we introduce UNC3524, a newly discovered suspected espionage threat actor that, to date, heavily targets the emails of employees that focus on corporate development, mergers and acquisitions, and large corporate transactions. On the surface, their targeting of individuals involved in corporate transactions suggests a financial motivation; however, their ability to remain undetected for an order of magnitude longer than the average dwell time of 21 days in 2021, as reported in M-Trends 2022, suggests an espionage mandate. | |
Observed | ||
Tools used | Danfuan, Geppei, reGeorg, QUIETEXIT. | |
Information | <https://www.mandiant.com/resources/unc3524-eye-spy-email> |
Last change to this card: 18 November 2022