UNC5820

Also known as: UNC5820

Known aliases: 1

Profile

UNC5820 is a threat actor exploiting CVE-2024-47575, a vulnerability in Fortinet's FortiManager that allows the actor to bypass authentication and execute arbitrary commands. The actor has been observed exfiltrating configuration data, user information, and FortiOS256-hashed passwords from managed FortiGate devices. While the actor has staged and exfiltrated sensitive data, there is currently no evidence of lateral movement or further compromise of additional environments. Mandiant has not determined whether UNC5820 is state-sponsored, nor has it identified the actor's geographic location.

Aliases · 1

UNC5820

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: UNC5330
Actor: UNC5174
Actor: UNC4540
Actor: UNC5325
Actor: UNC215
Actor: UNC6148

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.