Have Your Cake and Eat it Too?

Security researchers investigated and attributed several intrusions to a threat cluster believed to have a nexus to the actor tracked as UNC2891. Through these investigations, the researchers identified additional techniques, malware, and utilities used by UNC2891 alongside those previously observed in use by UNC1945.

  • UNC2891 intrusions appear to be financially motivated and in some cases spanned several years, during which the actor remained largely undetected.

  • UNC2891 demonstrated fluency and expertise in Unix and Linux environments, mostly through the targeting of Oracle Solaris-based systems with the TINYSHELL and SLAPSTICK backdoors.
