UNC3886
UNC3886 is a China-nexus cyberespionage group that has been active since at least 2022, targeting defense, technology, and telecommunication organizations located in the United States and the Asia-Pacific-Japan (APJ) regions. UNC3886 has displayed a deep understanding of edge devices and virtualization technologies through the exploitation of zero-day vulnerabilities and the use of novel malware families and utilities.
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 LowAttribution signals
2 mentions · 1 source"These groups, such as UNC5221 and UNC3886, continued to focus heavily on security appliances and edge devices to maintain persistent access to strategic targets."
"campaigns from actors such as UNC3886 and UNC5221 highlight how the targeting of edge devices and appliances as a means of initial access has increased as a tactic by China-nexus threat actors"
Hedge terms observed