Introducing Cymulate Vero AI for Agentic Cyber Defense Engineering
Learn More
New: 2026 Gartner® Market Guide for Adversarial Exposure Validation
Learn More
New Research: Exploiting Configuration Trust in AI Coding Tools
Learn More
New Case Study: How a Financial Authority Validates Cyber Resilience
Learn More
Book a Demo
Book a Demo

UNC4191 Threat Group Targets Entities In The Philippines

December 1, 2022

The UNC4191 threat group was discovered targeting entities in the Philippines with custom malware and the NCAT command-line networking utility. The malicious software is written in C/C++, replicates by infecting new removable drives, and creates a reverse shell to the actor's command and control server. Registry Run keys are used for persistence while multiple legitimate binaries are leveraged for DLL Side-Loading.

Featured Resources

View More Resources
image
CUSTOMERS

Financial Regulatory Authority Strengthens Security and Gains Continuous Visibility with Cymulate

Limited Visibility and Reliance on Point-in-Time Testing With a lean team of five responsible for securing a complex internal environment,

Read Case Study
image
blog

CVE-2026-35603: One Writable Folder, Every User Compromised: Exploiting Configuration Trust in AI Coding Tools

Ilan Kalendarov, Security Research Team LeadBen Zamir, Security ResearcherElad Beber, Security Researcher The AI coding tools that millions of developers launch every

Read More
image
Demo

Auto Mitigation Demo

Cymulate Auto Mitigation closes the risk-to-fix gap by automatically deploying targeted control updates when exposures are discovered. It then re-validates

Learn More