UNC5174: Chinese Threat Actor Deploys New VShell RAT in Campaign

Summary: The Sysdig Threat Research Team has identified a new campaign by the Chinese threat actor UNC5174 that highlights the group's shift to advanced open-source tools like VShell. The campaign uses sophisticated techniques, including fileless payloads and WebSocket-based command and control, and poses a significant threat to various organizations. UNC5174 is suspected of conducting espionage and of using a blend of custom and open-source tools to evade detection.

Affected: Organizations targeted by UNC5174 and other similar groups

Key points:

  • UNC5174 has shifted tactics, utilizing a new open-source tool, VShell, which is seen as more effective than Cobalt Strike.
  • The group has incorporated a malicious bash script to download executables, including variants of SNOWLIGHT malware.
  • Evidence suggests UNC5174 is involved in espionage activities while using sophisticated evasion methods to avoid detection.

Source: https://securityonline.info/unc5174-chinese-threat-actor-deploys-new-vshell-rat-in-campaign/