China’s hacking contractor fast to exploit N-days


  • Investigation by Mandiant revealed that a likely Chinese hacker-for-hire, going by the alias UNC5174, exploited N-day vulnerabilities in a campaign targeting Southeast Asian and U.S. organizations.
  • The hacker, known as “Uteus” on underground forums, employed custom tooling and a publicly available framework called Supershell, displaying unique tactics.

The investigation by Mandiant identified a likely Chinese hacker-for-hire who exploited high-profile vulnerabilities to target Southeast Asian and U.S. government and research organizations. The threat actor, identified as UNC5174, is believed to be operating in China and was spotted using a combination of custom tools and a publicly available command-and-control framework called Supershell. By leveraging vulnerabilities in F5 BIG-IP and ScreenConnect software, the hacker claimed to have accessed various organizations globally, with a focus on the U.S. and Canada. UNC5174’s aggressive targeting strategy extended to institutions in Hong Kong, as well as governments in the United States and the United Kingdom. The hacker’s rapid exploitation of zero-day flaws and post-exploit behaviors indicated a connection to the Chinese Ministry of State Security, suggesting both espionage and financially motivated hacking. The hacker’s evolving tactics, coupled with the exploitation of freshly patched vulnerabilities, pose an ongoing threat to academic, NGO, and government sectors globally, with a heightened risk for organizations in the United States, Canada, the United Kingdom, Southeast Asia, and Hong Kong.
