UNC3886

G1048 · China · MITRE ATT&CK

Overview

UNC3886 is a China-nexus cyberespionage group that has been active since at least 2022, targeting defense, technology, and telecommunication organizations located in the United States and the Asia-Pacific-Japan (APJ) regions. UNC3886 has displayed a deep understanding of edge devices and virtualization technologies through the exploitation of zero-day vulnerabilities and the use of novel malware families and utilities.

Capabilities

  • Exploitation of public-facing / client applications — ATT&CK T1190, T1203, T1212
  • Custom malware/implant development — ATT&CK: 8 attributed custom malware families

TTPs — 49 techniques across 13 tactics

Reconnaissance

Resource Development

Initial Access

Credential Access

Lateral Movement

Collection

Command and Control

Tools & malware (8)

MOPSLED · VIRTUALPIE · CASTLETAP · THINCRUST · VIRTUALPITA · REPTILE · MEDUSA · RIFLESPINE

Reporting (2)