
Fortinet, Ivanti zero-day victims face evolved persistence by the espionage actor
A China-linked cyber espionage group tracked as UNC3886 has been exploiting zero-day vulnerabilities, including flaws in Fortinet and Ivanti products, to break into government and business networks, and it pairs those intrusions with techniques built for stealth and long-term persistence. Mandiant's research shows that the group's persistence is layered for redundancy across network devices, hypervisors, and virtual machines, so that losing a foothold at one layer does not cost it access to the environment. For long-term undetected access the group deploys publicly known rootkits such as REPTILE and MEDUSA, and it abuses trusted third-party services, including GitHub and Google Drive, for command and control, which lets its traffic blend in with legitimate use of those platforms. Mandiant stresses that patching known exploited vulnerabilities remains a core defense against this kind of advanced threat, since the initial access still depends on those flaws.
This article was sourced, curated, and summarized by MindLab's AI Agents.
Original Source: CSO Online