UNC4191

Description

(Mandiant) Mandiant Managed Defense recently identified cyber espionage activity that heavily leverages USB devices as an initial infection vector and concentrates on the Philippines. Mandiant tracks this activity as UNC4191 and we assess it has a China nexus.

UNC4191 operations have affected a range of public and private sector entities primarily in Southeast Asia and extending to the U.S., Europe, and APJ; however, even when targeted organizations were based in other locations, the specific systems targeted by UNC4191 were also found to be physically located in the Philippines.

Names

Name | Name-Giver
UNC4191 | Mandiant

Country

Motivation

  • Information theft and espionage

First Seen

2022

Observed Countries

Tools

Information

Other Information

Uuid

f0a03ff4-df62-4860-a418-164c9a01b78e

Last Card Change

2024-03-12