The advanced cyber espionage group UNG0002 is targeting multiple sectors across China, Hong Kong, and Pakistan, using spear-phishing, decoy documents, and post-exploitation tools such as Cobalt Strike and Metasploit. Its campaigns, Operation Cobalt Whisper and Operation AmberMist, aim to steal sensitive research and intellectual property, and they demonstrate high adaptability and technical expertise. #CobaltStrike #ShadowRAT
Key points
- UNG0002 is a sophisticated threat group that has been targeting multiple Asian countries since May 2024.
- The group employs spear-phishing with LNK files and decoy CV documents to infect victims.
- Operations include delivering Cobalt Strike, INET RAT, and Shadow RAT for post-exploitation activities.
- Attacks target sectors such as defense, energy, healthcare, and academia to steal sensitive information.
- The threat actor's origins are likely Southeast Asian, showcasing high versatility and evolving tactics.
Read More: https://thehackernews.com/2025/07/ung0002-group-hits-china-hong-kong.html