A new espionage actor is breaching corporate networks to steal emails from employees involved in big financial transactions like mergers and acquisitions.
Mandiant, which first discovered the advanced persistent threat (APT) group in December 2019 and now tracks it as “UNC3524”, says that while the group’s corporate targets hint at financial motivation, its longer-than-average dwell time in a victim’s environment suggests an intelligence gathering mandate. In some cases, UNC3524 remained undetected in victims’ environments for as long as 18 months, versus an average dwell time of 21 days in 2021.
Mandiant credits the group’s success at achieving such a long dwell time to its unique approach to its use of a novel backdoor — tracked as “QuietExit” — on network appliances that do not support antivirus or endpoint detection, such as storage arrays, load b …
