FireEye's investigation unit Mandiant has published details of a threat actor it tracks as UNC1945. According to Mandiant, the group exploited a zero-day vulnerability in the Oracle Solaris operating system as part of its intrusions into corporate networks. Organizations targeted by UNC1945 include those in the consulting, financial services and telecommunications sectors, among others.
The zero-day vulnerability, tracked as CVE-2020-14781, affects the Solaris Pluggable Authentication Module (PAM). It allowed the threat actor to bypass authentication and deploy a backdoor called SLAPSTICK on the exposed Solaris servers. Mandiant said the attackers used the backdoor to maintain access and carry out reconnaissance inside the compromised corporate networks.