ETDA: Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

APT group: UNC4191

Names: UNC4191 (Mandiant)
Country: China
Motivation: Information theft and espionage
First seen: 2022
Description: (Mandiant) Mandiant Managed Defense recently identified cyber espionage activity that heavily leverages USB devices as an initial infection vector and concentrates on the Philippines. Mandiant tracks this activity as UNC4191 and we assess it has a China nexus.

UNC4191 operations have affected a range of public and private sector entities primarily in Southeast Asia and extending to the U.S., Europe, and APJ; however, even when targeted organizations were based in other locations, the specific systems targeted by UNC4191 were also found to be physically located in the Philippines.
Observed: Countries: Philippines.
Tools used: BLUEHAZE, DARKDEW, MISTCLOAK, NCAT.
Information: <https://www.mandiant.com/resources/blog/china-nexus-espionage-southeast-asia>
<https://therecord.media/espionage-group-using-usb-devices-to-hack-targets-in-southeast-asia>

Last change to this card: 12 March 2024
