Notorious cyber gang UNC3944 attacks vSphere and Azure to run VMs inside victims’ infrastructure

June 17, 2024

Notorious cyber gang UNC3944 – the crew suspected of involvement in the recent attacks on Snowflake and MGM Entertainment, and plenty more besides – has changed its tactics and is now targeting SaaS applications

According to Google Cloud’s Mandiant threat intelligence team, UNC3944’s activities have plenty of overlap with attack group variously known as “0ktapus,” “Octo Tempest,” “Scatter Swine,” and “Scattered Spider.” The group initially used credential harvesting and SIM swapping attacks in its operations, moved on to ransomware and data theft extortion, but has now shifted to “primarily data theft extortion, without the use of ransomware.”

Read More on The Register