UNC1878

MISP

Tipo:
Unknown

Paese:
Unknown

Prima attivita:
Unknown

Dettagli:

UNC1878 is a financially motivated threat actor that monetizes network access via the deployment of RYUK ransomware. Earlier this year, Mandiant published a blog on a fast-moving adversary deploying RYUK ransomware, UNC1878. Shortly after its release, there was a significant decrease in observed UNC1878 intrusions and RYUK activity overall almost completely vanishing over the summer. But beginning in early fall, Mandiant has seen a resurgence of RYUK along with TTP overlaps indicating that UNC1878 has returned from the grave and resumed their operations.

Riferimenti (5)

twitter.com - 1321865315513520128
fireeye.com - Kegtap And Singlemalt With A Ransomware Chaser
gist.github.com - 6aa7f61246f53a8dd4befea86e832456
youtube.com - Watch
fireeye.com - The Cycle Of Adversary Pursuit

Metadata

ID:	300
Created:	13/01/2026 17:48
Updated:	02/05/2026 04:00