Seqrite Labs has uncovered recent espionage activities by the South Asian threat actor UNG0002, which targets various sectors across Asia with multi-stage infection campaigns. The group uses advanced malware implants and social engineering techniques, and is evolving its operations to focus on sectors like gaming, academia, and software development. #UNG0002 #ShadowRAT
Key points
- UNG0002 has conducted multi-stage cyber campaigns across multiple Asian countries since 2024.
- Their operations include two major campaigns: Operation Cobalt Whisper and Operation AmberMist.
- The group employs complex infection methods using malicious LNK files, PowerShell scripts, and DLL sideloading.
- Custom RAT implants like Shadow RAT, INET RAT, and Blister DLL are used to target various sectors.
- Researchers identified internal code names and consistent command-and-control infrastructure linking the campaigns.