FBI Warns of UNC6040 and UNC6395 Threat Groups Targeting US Organizations

The FBI has issued a critical warning about two emerging threat groups, UNC6040 and UNC6395, targeting US organizations with sophisticated cyberattacks. These groups have been linked to multiple intrusion campaigns involving advanced malware and exploitation techniques aimed at stealing sensitive data and disrupting operations. UNC6040 and UNC6395 employ a range of tactics including spear-phishing, exploitation of software vulnerabilities, and deployment of custom malware to maintain persistence and evade detection. The FBI's alert highlights the importance of enhanced cybersecurity measures, including timely patching, network monitoring, and employee awareness training to mitigate these threats. Organizations are urged to review their security postures and implement recommended defenses to protect against these evolving adversaries. This advisory underscores the growing complexity and frequency of cyber threats facing critical infrastructure and private sector entities in the US.

This Cyber News was published on thehackernews.com. Publication date: Sun, 14 Sep 2025 20:29:05 +0000

