UNC3524  (Back to overview)

Mandiant observed this group operating since December 2019. Its techniques partially overlap with multiple Russian-based espionage actors (APT28 and APT29). They are described as having a high level of operational security, low malware footprint, adept evasive skills, and a large Internet of Things (IoT) device botnet at their disposal.

---

Associated Families

There are currently no families associated with this actor.

---

References

2022-05-02 ⋅ Mandiant ⋅ Doug Bienstock, Melissa Derr, Josh Madeley, Tyler McLellan, Chris Gardner @online{bienstock:20220502:unc3524:5948892, author = {Doug Bienstock and Melissa Derr and Josh Madeley and Tyler McLellan and Chris Gardner}, title = {{UNC3524: Eye Spy on Your Email}}, date = {2022-05-02}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/unc3524-eye-spy-email}, language = {English}, urldate = {2022-05-03} } UNC3524: Eye Spy on Your Email QUIETEXIT UNC3524

---

Credits: MISP Project