<ciso brief/>
Tag Banner

All news with #dcsync tag

all tags →

Mon, November 17, 2025

Analysis of UNC1549 TTPs Targeting Aerospace & Defense

#Threat Report #UNC1549 #DCSync #Backdoor Found #DLL Hijacking #Azure

🔍 This joint analysis from Google Threat Intelligence and Mandiant describes UNC1549 activity observed from late 2023 through 2025 against aerospace, aviation, and defense organizations. The group commonly exploited trusted third‑party relationships, VDI breakouts, and highly targeted spear phishing to gain access, then deployed custom backdoors and tunneling tools to maintain stealth. The report provides IOCs, YARA rules, and detection guidance for Azure and enterprise environments.

read more →