UNC6748

Also known as: UNC6748

Profile

UNC6748 targets users in Saudi Arabia through a fake Snapchat website and uses a backdoor known as GHOSTKNIFE for data exfiltration. Its exploitation process initially featured basic obfuscation and later evolved to include anti-debugging measures. The actor primarily leveraged CVE-2025-31277 and CVE-2026-20700 for remote code execution (RCE), but its exploit support was inconsistent across iOS versions. Its delivery mechanisms also incorporated session storage checks to manage infection attempts.

Aliases · 1

UNC6748

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: UNC6148
Actor: UNC4841
Actor: UNC2465
Actor: UNC6671
Actor: UNC6691
Actor: UNC4736
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.