UNC3784

Also known as: UNC3784

UNC3784 is a suspected Chinese espionage actor that, alongside other China-backed groups, was observed exploiting the “Follina” vulnerability (CVE-2022-30190) in zero-day attacks on organizations in Russia and Asia. UNC3784 specifically was observed deploying backdoor and downloader malware on compromised government networks in Southeast Asia. [Mandiant M-Trends 2023]

🌍 Country: China


Activities and Tactics

Country of Origin: 🇨🇳 China

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Backdoor.Oldrea:
  • China Chopper:
  • Xploit:

Attribution and Evidence

Country of Origin: China

Additional attribution information pending cataloguing.

References

[1] Mandiant M-Trends 2023