
LightBasin

aka: CL-CRI-0025, UNC1945

UNC1945 is an APT group that has been targeting telecommunications companies globally. They use Linux-based implants to maintain long-term access in compromised networks. UNC1945 has demonstrated advanced technical abilities, utilizing various tools and techniques to evade detection and move laterally through networks. They have also been observed targeting other industries, such as financial and professional consulting, and have been linked to other threat actors, including Mustang Panda and RedDelta.


Associated Families
win.gtpdoor

References
2024-02-28 | Twitter (@haxrob) | haxrob
Tweet series regarding GTPDOOR
GTPDOOR
2024-02-27 | Doubleagent.net | haxrob
GTPDOOR - A novel backdoor tailored for covert access over the roaming exchange
GTPDOOR
2023-09-19 | Cisco Talos | Arnaud Zobec, Asheer Malhotra, Caitlin Huey, Sean Taylor, Vitor Ventura
New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants
HTTPSnoop PipeSnoop LightBasin ShroudedSnooper
2022-03-16 | Mandiant | Joshua Homan, Logeswaran Nadarajan, Martin Co, Mathew Potaczek, Sylvain Hirsch, Takahiro Sugiyama, Yu Nakamura
Have Your Cake and Eat it Too? An Overview of UNC2891
SLAPSTICK STEELCORGI LightBasin
2021-10-19 | CrowdStrike | Dan Meyer, Jamie Harris
LightBasin: A Roaming Threat to Telecommunications Companies
LightBasin

Credits: MISP Project