UNC6485UNC6485

Also known as: UNC6485

Known aliases
1

Profile

UNC6485 is a cyber-espionage group exploiting CVE-2025-12480 in Gladinet’s Triofox file-sharing platform to gain initial network access and establish long-term persistence. They create unauthorized administrative accounts and deploy RATs, utilizing legitimate tools like Zoho Assist and AnyDesk to evade detection. Their TTPs indicate a sophisticated understanding of the platform, allowing them to blend malicious activities with legitimate administrative actions.

Aliases· 1

UNC6485

References

  1. https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
UNC3886
Actor
UNC2465
Actor
UNC3524
Actor
UNC6384
Actor
UNC5820
Actor
UNC6692
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.