A Chinese hacking group conducted a malicious campaign targeting multiple sectors in France, including government and finance, by exploiting zero-day vulnerabilities in Ivanti Cloud Services Appliance devices. The operation, detected in September 2024 and codenamed Houken, is linked to a broader threat set tracked as UNC5174. The campaign uses sophisticated tactics, including open-source tools and diverse attack infrastructure. It is suggested that Houken is operated by initial access brokers who penetrate networks and then hand off access to subsequent threat actors for further exploitation.
While its operators use zero-day vulnerabilities and a sophisticated rootkit, they also rely on a large number of open-source tools, mostly written by Chinese-speaking developers.
The operators behind the UNC5174 and Houken intrusion sets are likely primarily looking for valuable initial accesses to sell to a state-linked actor seeking insightful intelligence.