Suspected Chinese spies broke into 'numerous' enterprises
Briefly

"Unknown intruders - likely China-linked spies - have broken into "numerous" enterprise networks since March and deployed backdoors, providing access for their long-term IP and other sensitive data stealing missions, all the while remaining undetected on average for 393 days, according to Google Threat Intelligence. In a paper published today, the threat hunters attribute these network intrusions to UNC5221 and other related suspected Chinese threat groups. UNC5221 has been abusing zero-days in buggy Ivanti gear since at least 2023."
"UNC in Google's threat-group naming taxonomy stands for "Uncategorized," as opposed to FIN (financially motivated) or APT (advanced persistent threat, which means government-backed). [Editor's note: read all about the various security companies' methods for naming cyber crews here... then go bang your head against the wall.] Since March, Google's Mandiant Consulting and incident response team have responded to these UNC5221-related break-ins across legal services, Software as a Service (SaaS) providers, Business Process Outsourcers (BPOs), and technology companies."
Unknown intruders likely linked to China have breached numerous enterprise networks since March, deploying backdoors and exfiltrating intellectual property and other sensitive data while remaining undetected for an average of 393 days. The intrusions are attributed to UNC5221 and related suspected Chinese threat groups; UNC5221 has exploited zero-days in buggy Ivanti appliances since at least 2023. The UNC crew is distinct from Silk Typhoon (aka Hafnium). Google's Mandiant Consulting and incident response team responded to incidents across legal services, SaaS providers, BPOs, and technology companies. The operators primarily deployed BRICKSTORM backdoors on appliances that lack EDR support, which let them keep access for long periods and pivot further into the network.
Read at The Register