Cymulate named a Customers' Choice in 2025 Gartner® Peer Insights™
Learn More
New Gartner® Report: Strategic Roadmap for CTEM
Learn More
New Integration Partnership with WIZ!
Learn More
Threat Exposure Validation Impact Report 2025
Learn More
Book a Demo
Book a Demo

UNC4191 Threat Group Targets Entities In The Philippines

December 1, 2022

The UNC4191 threat group was discovered targeting entities in the Philippines with custom malware and the NCAT command-line networking utility. The malicious software is written in C/C++, replicates by infecting new removable drives, and creates a reverse shell to the actor's command and control server. Registry Run keys are used for persistence while multiple legitimate binaries are leveraged for DLL Side-Loading.

Featured Resources

View More Resources
image
blog

Critical RCE in React Server Components CVE-2025-55182 and CVE-2025-66478: What It Means for Security Teams

Ilan Kalendarov, Security Research Team LeadBen Zamir, Security Researcher What was discovered?  A critical un-authentication remote code execution (RCE) vulnerability has been disclosed in React

Read More
image
blog

Test LLM Resilience Against Prompt Injection and Jailbreaks with New Cymulate Attack Scenarios

Executive Summary  As large language models (LLMs) become embedded in productivity, automation and security workflows, a new class of risks

Read More
image
blog

Testing LLM Resilience: How Cymulate Exposure Validation Simulates Prompt Injection and Jailbreaks 

See how Cymulate is redefining LLM security by simulating real-world prompt injection and jailbreak attacks to validate AI defenses.

Read More