Threat Group 2889 is an alternate name for the group known as Cleaver

---

Threat Group 2889 is an advanced persistent threat (APT) that has been active since at least 2013 and targets government agencies, military organizations, defense contractors, telecommunications companies, and financial institutions in various countries including the United States. The group uses a variety of tactics to gain access to their target networks, such as spear-phishing emails or exploiting vulnerabilities in software. Once inside, they can steal sensitive information, conduct surveillance operations, and potentially cause disruption through cyber attacks. Threat Group 2889 is considered a serious threat due to its sophistication and ability to evade detection for extended periods of time.

Techniques, tactics and practices:

Threat Group 2889 uses a variety of techniques to gain access to their target networks. These include spear-phishing emails, which are personalized and appear to come from trusted sources in order to trick the recipient into opening an attachment or clicking on a link that installs malware. They also exploit vulnerabilities in software, such as outdated versions of Adobe Flash Player, to gain access to systems without needing user credentials. Once inside, they use various tactics and techniques to avoid detection, including hiding their activities within legitimate network traffic or using encrypted communication channels. Overall, Threat Group 2889 is considered a highly sophisticated threat due to its ability to evade detection for extended periods of time while conducting extensive surveillance operations and potentially causing disruption through cyber attacks on sensitive networks.