The French cybersecurity agency ANSSI has identified Houken, a sophisticated threat actor exploiting zero-day vulnerabilities in strategic sectors. Its activities include network breaches, credential theft, backdoor deployment, and the deployment of custom rootkits, and it has ties to China's MSS-linked group UNC5174.
Key points
- Houken exploits zero-day vulnerabilities in Ivanti CSA devices to gain initial access.
- The threat actor uses a mix of advanced tactics and publicly available hacking tools.
- Targets include governmental, telecommunications, media, finance, and transport sectors in France.
- Houken has employed sophisticated tools like Linux rootkits and modified legitimate scripts for persistence.
- Connections between Houken and UNC5174 suggest a shared Chinese MSS-linked threat group.