A Chinese cyberspy group linked to the Ministry of State Security, identified as UNC5174, is utilizing an advanced remote access trojan (RAT) called VShell, along with other malware tools, to infiltrate global organizations. This RAT, which operates filelessly, proves more adept at evading detection than traditional methods. The group also engages in domain squatting for phishing campaigns, impersonating reputable companies to deceive victims. Their operations focus on accessing Linux systems to implement their malicious agendas, emphasizing their sophisticated cyber espionage capabilities.
The malware's fileless nature allows for prolonged stealth, evading traditional detection methods while providing attackers with remote access capabilities.
UNC5174 targets global organizations using advanced stealth techniques, including a newly identified in-memory backdoor known as VShell.
Collection
[
|
...
]