Since June 2022, Mandiant has been tracking a campaign targeting Western Media and Technology companies from a suspected North Korean espionage group tracked as UNC2970. In June 2022, Mandiant Managed Defense detected and responded to an UNC2970 phishing campaign targeting a U.S.-based technology company. During this operation, Mandiant observed UNC2970 leverage three new code families: TOUCHMOVE, SIDESHOW, and TOUCHSHIFT. Mandiant suspects UNC2970 specifically targeted security researchers in this operation.
Following the identification of this campaign, Mandiant responded to multiple UNC2970 intrusions targeting U.S. and European Media organizations through spear-phishing that used a job recruitment theme and demonstrated advancements in the groups ability to operate in cloud environments and against Endpoint Detection and Response (EDR) tools. ...read more!
