UNC5174's evolution in China's ongoing cyber warfare: From SNOWLIGHT to VShell
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Chinese state-sponsored threat actor UNC5174 has launched a new campaign using SNOWLIGHT malware and VShell, a Remote Access Trojan. The campaign targets Linux systems, employing domain squatting for phishing and social engineering. SNOWLIGHT acts as a dropper for VShell, which resides in memory as a fileless payload. The attackers use WebSockets for command and control communication, enhancing stealth. UNC5174's motivations include espionage and access brokering. The campaign has been active since November 2024, demonstrating sophisticated techniques such as memory manipulation and defense evasion. This development highlights the threat actor's expanding arsenal and continued support for Chinese government operations.
OPENCTI LABELS:
china, linux, sliver, vshell, snowlight