UNC3944 Targets SaaS Applications | allinfosecnews.com

June 13, 2024, 2 p.m. | Mandiant

Threat Intelligence cloud.google.com

Introduction

UNC3944 is a financially motivated threat group that carries significant overlap with public reporting of "0ktapus," "Octo Tempest," "Scatter Swine," and "Scattered Spider" and has been observed adapting its tactics to include data theft from software-as-a-service (SaaS) applications to attacker-owned cloud storage objects (using cloud synchronization tools), persistence mechanisms against virtualization platforms, and lateral movement via SaaS permissions abuse. Active since at least May 2022, UNC3944 has leveraged underground communities like …

0ktapus applications as-a-service attacker cloud cloud storage data data theft from software introduction lateral lateral movement mechanisms octo octo tempest persistence platforms public reporting saas saas applications scattered spider scatter swine service software spider storage synchronization tactics tempest theft threat threat group threat intelligence tools unc3944 using virtualization

More from cloud.google.com / Threat Intelligence

Global Revival of Hacktivism Requires Increased Vigilance from Defenders 5 days, 20 hours ago | cloud.google.com

activism daniel defenders global +11

Cloaked and Covert: Uncovering UNC3886 Espionage Operations 2 weeks ago | cloud.google.com

actor alex china cloaked +20

UNC3944 Targets SaaS Applications 2 weeks, 5 days ago | cloud.google.com

0ktapus applications as-a-service attacker +34

Insights on Cyber Threats Targeting Users and Enterprises in Brazil 2 weeks, 6 days ago | cloud.google.com

adam brazil critical cyber +18

UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion 3 weeks, 2 days ago | cloud.google.com

campaign cloud cloud data collections +24

Phishing for Gold: Cyber Threats Facing the 2024 Paris Olympics 3 weeks, 6 days ago | cloud.google.com

cyber cyber espionage cyber threat cyber threats +19

Ransomware Rebounds: Extortion Threat Surges in 2023, Attackers Rely on Publicly Available and Legitimate Tools 4 weeks, 1 day ago | cloud.google.com

april attackers blog blog post +14

IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders 1 month, 1 week ago | cloud.google.com

advanced advanced persistent threat apt box +24

Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets 1 month, 1 week ago | cloud.google.com

access amazon amazon web services atlassian +26

Senior Corporate & Commercial Counsel

@ Armis Security | North Carolina, United States

View on infosec-jobs.com

Senior Corporate & Commercial Counsel

@ Armis Security | Georgia, United States

View on infosec-jobs.com

Senior Corporate & Commercial Counsel

@ Armis Security | Boston, Massachusetts, United States

View on infosec-jobs.com

Senior Corporate & Commercial Counsel

@ Armis Security | Austin, Texas, United States

View on infosec-jobs.com

IP Network Engineer

@ Rogers Communications | Calgary, AB, CA

View on infosec-jobs.com

Global Product Manager

@ Vodafone | London, GB

View on infosec-jobs.com