UNC961: Three Encounters with a Financially Motivated Threat Actor
released on 2023-03-23 @ 06:36:12 PM
Web application vulnerabilities are like doorways: you never know who or what will walk through. Between December 2021 and July 2022, the Mandiant Managed Defense and Incident Response teams responded to three UNC961 intrusions at different organizations that each started in similar fashion. Two of these victims were under the protection of Managed Defense who identified and responded to the threat before significant impact occurred. In the third intrusion, the Mandiant Incident Response team was contacted after UNC961 had compromised the victim and transferred access to UNC3966.