UNC1878 is a threat actor. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does UNC1878 exploit?

Specific CVE exploitation data for UNC1878 is being tracked. Check the Strobes VI threat actor profile for updates.

UNC1878

Exploited CVEs

Overview

UNC1878 is a financially motivated threat actor that monetizes network access via the deployment of RYUK ransomware. Earlier this year, Mandiant published a blog on a fast-moving adversary deploying RYUK ransomware, UNC1878. Shortly after its release, there was a significant decrease in observed UNC1878 intrusions and RYUK activity overall almost completely vanishing over the summer. But beginning in early fall, Mandiant has seen a resurgence of RYUK along with TTP overlaps indicating that UNC1878 has returned from the grave and resumed their operations.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database