Lucene search
K

4 matches found

Talos Blog
Talos Blog
added 2026/05/05 10:0 a.m.12 views

UAT-8302 and its box full of malware

Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat APT group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. After successful compromises, UAT-8302 deploys multiple custom-made...

8.8CVSS7.4AI score0.28261EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/04/15 2:6 p.m.96 views

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool

The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. "Threat actors are increasingly using open source tools in their arsenals for...

9.8CVSS8.8AI score0.99979EPSS
Exploits23
hivepro
hivepro
added 2024/03/29 8:32 a.m.29 views

UNC5174 Functions as an Initial Access Broker, Exploiting Vulnerabilities

Summary: UNC5174, a threat actor believed to be associated with China, has been identified exploiting various vulnerabilities and deploying custom tools such as SNOWLIGHT, GOHEAVY, and GOREVERSE for post-exploitation activities. These tools enable UNC5174 to carry out sophisticated cyber...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/03/22 11:28 a.m.59 views

China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws

A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an "aggressive" campaign. Google-owned Mandiant is tracking the activity under its...

10CVSS9.3AI score0.99999EPSS
Exploits48
Rows per page
Query Builder