UNC4841

Also known as: SLIME57 · UNC4841

Origin: CN
Known aliases: 2

Profile

UNC4841 is a well-resourced threat actor that has utilized a wide range of malware and purpose-built tooling to enable its global espionage operations. The group has been observed selectively deploying specific malware families at high-priority targets, with SKIPJACK being the most widely deployed. UNC4841 primarily targeted government and technology organizations, but it has also been observed targeting other verticals.

References

  1. https://cloud.google.com/blog/topics/threat-intelligence/unc4841-post-barracuda-zero-day-remediation/
  2. https://cloud.google.com/blog/topics/threat-intelligence/barracuda-esg-exploited-globally/
  3. https://i.blackhat.com/Asia-24/Presentations/Asia-24-Chen-Chinese-APT.pdf
  4. https://www.youtube.com/watch?v=PSaix1C-UMI
  5. https://www.youtube.com/watch?v=4zaStuUdvrE
  6. https://sansorg.egnyte.com/dd/8ekLJCPHPj/
  7. https://www.cisa.gov/sites/default/files/2023-07/MAR-10454006.r3.v1.CLEAR_.pdf
  8. https://www.cisa.gov/sites/default/files/2023-07/MAR-10454006.r2.v1.CLEAR_.pdf

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. UNC4540 (Actor)
  2. UNC4191 (Actor)
  3. UNC6148 (Actor)
  4. UNC4736 (Actor)
  5. UNC5537 (Actor)
  6. UNC3886 (Actor)

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.