Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970

13 March 2023

Since June 2022, Mandiant has been tracking a campaign targeting Western Media and Technology companies from a suspected North Korean espionage group tracked as UNC2970. In June 2022, Mandiant Managed Defense detected and responded to an UNC2970 phishing campaign targeting a U.S.-based technology company. During this operation, Mandiant observed UNC2970 leverage three new code families: TOUCHMOVE, SIDESHOW, and TOUCHSHIFT. Mandiant suspects UNC2970 specifically targeted security researchers in this operation.

Following the identification of this campaign, Mandiant responded to multiple UNC2970 intrusions targeting U.S. and European Media organizations through spear-phishing that used a job recruitment theme and demonstrated advancements in the group's ability to operate in cloud environments and against Endpoint Detection and Response (EDR) tools.
