Cyberarms
- Mar 18
- 1 min read

Have Your Cake and Eat it Too?

Security researchers investigated and attributed several intrusions to a threat cluster, believed has a nexus to the actor tracked as UNC2891. Through these investigations, researchers discovered additional techniques, malware, and utilities being used by UNC2891 alongside those previously observed in use by UNC1945.

UNC2891 intrusions appear to be financially motivated and in some cases spanned several years through which the actor had remained largely undetected.

UNC2891 demonstrated fluency and expertise in Unix and Linux environments, mostly through the targeting of Oracle Solaris based systems with TINYSHELL and SLAPSTICK backdoors.

Recent Posts

See All

Forged in Fire: A Survey of MobileIron Log4Shell Exploitation

Mandiant observed four unique applications targeted and exploited using CVE-2021-44228. One product that caught our attention in the immediate aftermath of this CVE’s release was MobileIron Core; an o

A banking Trojan - New Conversation Hijacking Campaign Delivering IcedID

The attack-chain starts with a phishing email. The email includes a message about some important document and has a password protected “zip” archive file attached. The password to the archive is given

Legitimate files used by Vidar, Oski, & Mars Stealer!

During Vidar infections, the initial malware retrieves legitimate DLL files hosted on the same C2 server used for data exfiltration. These files are not malicious, but they are used by the Vidar malw

Have Your Cake and Eat it Too?

Recent Posts

Submit Your Enquiry Here

Other Enquiries

Chat