A China-linked APT group, UNC3886, is carrying out a sophisticated cyber-espionage campaign targeting Singapore’s critical infrastructure, exploiting zero-day vulnerabilities and deploying custom malware. This widespread attack threatens sectors like energy, water, and telecommunications, with potential cascading operational disruptions. #UNC3886 #ZeroDayVulnerabilities
Key points
- UNC3886 has been active since 2021 and exploits zero-day vulnerabilities in FortiOS, VMware, Juniper, and ESXi hypervisors.
- The group uses advanced tactics such as living-off-the-land techniques, SSH credential harvesting, and encrypted backdoors.
- Their malware toolkit includes MOPSLED, RIFLESPINE, REPTILE, LOOKOVER, and TINYSHELL, designed for persistence and stealth.
- Critical sectors like energy, water, and telecommunications are primary targets, risking widespread operational impact.
- Defense recommendations include patching vulnerable devices, monitoring network activity, enforcing MFA, and maintaining offline backups.