Cyber Espionage Group UNC1549 Targets Aerospace and Defense

The cyber espionage group UNC1549 has been observed deploying backdoors like TWOSTROKE and DEEPROOT in continued attacks on aerospace, aviation, and defense industries. The group, tracked by Mandiant, uses sophisticated initial access vectors, including third-party relationships and targeted phishing. They employ a strategy of compromising less-protected suppliers to infiltrate high-security environments. Post-exploitation activities include reconnaissance, credential harvesting, and information theft using custom tools.