
UNC6485


UNC6485 is a cyber-espionage group exploiting CVE-2025-12480 in Gladinet’s Triofox file-sharing platform to gain initial network access and establish long-term persistence. They create unauthorized administrative accounts and deploy RATs, utilizing legitimate tools like Zoho Assist and AnyDesk to evade detection. Their TTPs indicate a sophisticated understanding of the platform, allowing them to blend malicious activities with legitimate administrative actions.


Associated Families

There are currently no families associated with this actor.


References
2025-11-10 · Mandiant · Bill Glynn, Kevin O'Flynn, Praveeth DSouza, Stallone D'Souza, Yash Gupta
No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480
UNC6485

Credits: MISP Project