UNC3524  (Back to overview)

Mandiant observed this group operating since December 2019. Its techniques partially overlap with multiple Russian-based espionage actors (APT28 and APT29). They are described as having a high level of operational security, low malware footprint, adept evasive skills, and a large Internet of Things (IoT) device botnet at their disposal.

Associated Families

There are currently no families associated with this actor.

2022-05-02MandiantDoug Bienstock, Melissa Derr, Josh Madeley, Tyler McLellan, Chris Gardner
@online{bienstock:20220502:unc3524:5948892, author = {Doug Bienstock and Melissa Derr and Josh Madeley and Tyler McLellan and Chris Gardner}, title = {{UNC3524: Eye Spy on Your Email}}, date = {2022-05-02}, organization = {Mandiant}, url = {}, language = {English}, urldate = {2022-05-03} } UNC3524: Eye Spy on Your Email

Credits: MISP Project