Taiwanese web hosting providers are being targeted by UAT-7237, a Chinese APT group active since 2022. The group combines web shells, VPN tunnelling, and custom malware to gain long-term access and conduct espionage. #UAT7237 #SoftEtherVPN
Key points
- UAT-7237 is a Chinese APT group, active since 2022, that targets web hosting providers in Taiwan.
- Initial access and ongoing control rely on web shells, Cobalt Strike, and RDP.
- The group deploys custom malware such as SoundBill and uses JuicyPotato for privilege escalation.
- Long-term access is maintained through a SoftEther VPN client that was set up more than two years ago.
- Reconnaissance consists of network scanning and credential exfiltration, which the group uses to extend its foothold across the environment.
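The behaviours in the list above (a web shell spawning a shell, potato-style escalation to SYSTEM, and a SoftEther VPN component living on a web host) map onto a simple endpoint hunt. The following is an added example, not code from the original report: the process inventory is constructed, the SoftEther executable names are the stock SoftEther binaries rather than indicators published for UAT-7237, and the escalation rule is a generic heuristic (a SYSTEM process whose parent runs as a lower-privileged account), not a signature for JuicyPotato.

```python
"""Added example: hunt a Windows process inventory for the behaviours listed
above. Not code from the original report; the inventory below is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str   # image name
    user: str   # account the process runs as
    path: str   # full image path


# Stock SoftEther VPN executables (assumption: generic product binaries, not
# IoCs published for UAT-7237). Any of these on a web host that has no
# business running a VPN deserves a look.
SOFTETHER = {"vpnclient.exe", "vpnclient_x64.exe", "vpnserver.exe",
             "vpnserver_x64.exe", "vpnbridge.exe", "vpnbridge_x64.exe",
             "vpncmd.exe"}
WEB_WORKERS = {"w3wp.exe", "httpd.exe", "nginx.exe", "php-cgi.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
SYSTEM = "nt authority\\system"


def hunt(procs):
    """Return (pid, rule, detail) triples for every process that trips a rule."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        name = p.name.lower()
        parent = by_pid.get(p.ppid)
        # Rule 1: a SoftEther component is present at all (VPN-based persistence).
        if name in SOFTETHER:
            findings.append((p.pid, "softether_component",
                             f"{p.name} as {p.user} from {p.path}"))
        # Rule 2: a web server worker spawning a shell is classic web shell behaviour.
        if parent and parent.name.lower() in WEB_WORKERS and name in SHELLS:
            findings.append((p.pid, "webshell_child",
                             f"{parent.name} (pid {parent.pid}) spawned {p.name}"))
        # Rule 3 (heuristic): a SYSTEM process whose parent runs as a lower-privileged
        # account. Potato-family tools hand a SYSTEM token to a child spawned from a
        # service-account context; legitimate SYSTEM children normally descend from
        # SYSTEM parents such as services.exe or svchost.exe.
        if (parent and p.user.lower() == SYSTEM
                and parent.user.lower() != SYSTEM):
            findings.append((p.pid, "system_from_lowpriv_parent",
                             f"{p.name} runs as SYSTEM under {parent.name} "
                             f"({parent.user})"))
    return findings


# Constructed inventory: an IIS host with a web shell, an escalation and a VPN client.
SAMPLE_PROCS = [
    Proc(4, 0, "System", SYSTEM, ""),
    Proc(700, 4, "services.exe", SYSTEM, r"C:\Windows\System32\services.exe"),
    Proc(900, 700, "svchost.exe", SYSTEM, r"C:\Windows\System32\svchost.exe"),
    Proc(1200, 900, "w3wp.exe", r"IIS APPPOOL\DefaultAppPool",
         r"C:\Windows\System32\inetsrv\w3wp.exe"),
    Proc(1300, 1200, "cmd.exe", r"IIS APPPOOL\DefaultAppPool",
         r"C:\Windows\System32\cmd.exe"),                      # web shell -> cmd
    Proc(1400, 1300, "update.exe", r"IIS APPPOOL\DefaultAppPool",
         r"C:\inetpub\wwwroot\tmp\update.exe"),                # assumed renamed potato binary
    Proc(1500, 1400, "cmd.exe", SYSTEM, r"C:\Windows\System32\cmd.exe"),  # SYSTEM child
    Proc(1600, 700, "vpnclient_x64.exe", SYSTEM,
         r"C:\ProgramData\vpn\vpnclient_x64.exe"),             # SoftEther client as a service
    Proc(1700, 1500, "whoami.exe", SYSTEM,
         r"C:\Windows\System32\whoami.exe"),                   # SYSTEM under SYSTEM, not flagged
]

if __name__ == "__main__":
    for pid, rule, detail in hunt(SAMPLE_PROCS):
        print(f"pid {pid:<5} {rule:<28} {detail}")
```

Run against a real inventory by building `Proc` records from `Get-CimInstance Win32_Process` (or an EDR export) and feeding them to `hunt`; rule 3 will occasionally fire on legitimate elevation paths, so treat it as a lead to triage alongside the parent's image path rather than a verdict on its own.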