This technical research paper presents an in-depth analysis of UNG0002, an advanced persistent threat group operating across multiple Asian jurisdictions. Tracked by Seqrite Labs, the group has targeted government, defense, aviation, energy, academia, software, and gaming sectors using spear-phishing, malicious LNK files, VBScript, PowerShell, and DLL sideloading. The paper details two major campaigns—Operation Cobalt Whisper and Operation AmberMist—highlighting evolving tactics, techniques, and procedures. Comprehensive technical analysis covers infection chains, payload delivery, command-and-control infrastructure, malware variants, and MITRE ATT&CK mapping. The research provides actionable intelligence to help defenders detect, hunt, and mitigate sophisticated regional threats.

Join for free to read