UNC2452 is a threat actor attributed to RU, also known as NOBELIUM, Midnight Blizzard, StellarParticle. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does UNC2452 exploit?

Specific CVE exploitation data for UNC2452 is being tracked. Check the Strobes VI threat actor profile for updates.

UNC2452

Also known as: NOBELIUM, Midnight Blizzard, StellarParticle, DarkHalo, Solar Phoenix

Exploited CVEs

Overview

Reporting regarding activity related to the SolarWinds supply chain injection has grown quickly since initial disclosure on 13 December 2020. A significant amount of press reporting has focused on the identification of the actor(s) involved, victim organizations, possible campaign timeline, and potential impact. The US Government and cyber community have also provided detailed information on how the campaign was likely conducted and some of the malware used. MITRE’s ATT&CK team — with the assistance of contributors — has been mapping techniques used by the actor group, referred to as UNC2452/Dark Halo by FireEye and Volexity respectively, as well as SUNBURST and TEARDROP malware.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database