2025-04-24
Mandiant
M-Trends 2025: Data, Insights, and Recommendations From the Frontlines
#ITWorker
#Trend
#UNC1069
#UNC3782
#UNC4736
#UNC4899
#UNC5342
UNC5342
"Mandiant began tracking UNC5342 in January 2024, following their social engineering campaign targeting software services, biotech, and media. UNC5342 distributed the BEAVERTAIL downloader via malicious cryptocurrency-themed NPM and Python packages hosted on GitHub. BEAVERTAIL downloads the INVISIBLEFERRET backdoor, granting UNC5342 extensive endpoint control."
- Mandiant, https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/?hl=en
Also known as
| Name | Named by | AKA | First seen | Last seen |
|---|---|---|---|---|
| FamousChollima | CrowdStrike | - | 2024-08-07 | 2025-04-24 |
| GwisinGang | DtexSystems | FamousChollima | 2025-05-14 | 2025-05-14 |
| NickelTapestry | SecureWorks | FamousChollima | 2024-10-16 | 2025-05-08 |
| PurpleBravo | RecordedFuture | FamousChollima | 2025-02-13 | 2025-02-13 |
| TenaciousPungsan | Datadog | FamousChollima | 2024-10-24 | 2024-10-24 |
| UNC5267 | Mandiant | FamousChollima | 2024-09-23 | 2024-09-23 |
| UNC5342 | Mandiant | FamousChollima | 2025-04-24 | 2025-04-24 |
| VoidDokkaebi | TrendMicro | FamousChollima | 2025-04-23 | 2025-04-23 |
| WaterPlum | NTTSecurity | FamousChollima | 2025-05-08 | 2025-05-08 |