Security News > 2023 > September > Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks

The financially motivated threat actor known as UNC3944 is pivoting to ransomware deployment as part of an expansion to its monetization strategies, Mandiant has revealed.

"UNC3944 has demonstrated a stronger focus on stealing large amounts of sensitive data for extortion purposes and they appear to understand Western business practices, possibly due to the geographical composition of the group," the threat intelligence firm said.

While the group originally focused on telecom and business process outsourcing companies, it has since expanded its targeting to include hospitality, retail, media and entertainment, and financial services, illustrative of the growing threat.

A key hallmark of the threat actors is that they are known to leverage a victim's credentials to impersonate the employee on calls to the organization's service desk in an attempt to obtain multi-factor authentication codes and/or password resets.

The latest findings come as the group has emerged as an affiliate for the BlackCat ransomware crew, taking advantage of its new-found status to breach MGM Resorts and distribute the file-encrypting malware.

"The threat actors operate with an extremely high operational tempo, accessing critical systems and exfiltrating large volumes of data over a course of a few days," Mandiant pointed out.

News URL

https://thehackernews.com/2023/09/financially-motivated-unc3944-threat.html