About this actor
[Cutting Edge](https://attack.mitre.org/campaigns/C0029) was a campaign conducted by suspected China-nexus espionage actors, variously identified as UNC5221/UTA0178 and UNC5325, that began as early as December 2023 with the exploitation of zero-day vulnerabilities in Ivanti Connect Secure (previously Pulse Secure) VPN appliances. [Cutting Edge](https://attack.mitre.org/campaigns/C0029) targeted the U.S. defense industrial base and multiple sectors globally including telecommunications, financial, aerospace, and technology. [Cutting Edge](https://attack.mitre.org/campaigns/C0029) featured the use of defense evasion and living-off-the-land (LoTL) techniques along with the deployment of web shells and other custom malware.(Citation: Mandiant Cutting Edge January 2024)(Citation: Volexity Ivanti Zero-Day Exploitation January 2024)(Citation: Volexity Ivanti Global Exploitation January 2024)(Citation: Mandiant Cutting Edge Part 2 January 2024)(Citation: Mandiant Cutting Edge Part 3 February 2024)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | | | | | |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 27 / 42 | 64% |
| CM-6 | 26 / 42 | 62% |
| AC-3 | 24 / 42 | 57% |
| CM-2 | 23 / 42 | 55% |
| SI-3 | 20 / 42 | 48% |
| AC-2 | 19 / 42 | 45% |
| AC-6 | 19 / 42 | 45% |
| AC-5 | 17 / 42 | 40% |
| CM-5 | 17 / 42 | 40% |
| CM-7 | 16 / 42 | 38% |
| CA-7 | 15 / 42 | 36% |
| IA-2 | 15 / 42 | 36% |
| SC-7 | 13 / 42 | 31% |
| AC-4 | 11 / 42 | 26% |
| RA-5 | 10 / 42 | 24% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- APT5 0.33
- Aquatic Panda 0.32
- Play 0.31
- APT39 0.30
- C0032 0.27
Same nation-state
- Night Dragon 1.00
- FunnyDream 1.00
- Operation Wocao 1.00
- C0017 1.00
- KV Botnet Activity 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00