French authorities have revealed that a Chinese hacking group has targeted various sectors in France using zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, linked to the intrusion sets Houken and UNC5174, involves sophisticated tools and multiple stages of exploitation, and is aimed at intelligence and financial gain.
Keypoints
- The French cybersecurity agency identified a Chinese hacking campaign exploiting Ivanti CSA zero-days.
- The threat actors use a combination of web shells, rootkits, and kernel modules for persistence and control.
- The campaign targets government, telecommunications, media, finance, and education sectors across regions.
- Houken and UNC5174 share tradecraft and are believed to be operated by the same threat actor or group.
- The attackers are primarily motivated by financial gain, selling access and data to other entities.
Read More: https://thehackernews.com/2025/07/chinese-hackers-exploit-ivanti-csa-zero.html