UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools
Briefly

Threat hunters have identified a new threat actor, UAT-5918, that has been actively targeting critical infrastructure entities in Taiwan since at least 2023. Motivated by long-term information theft, UAT-5918 is assessed to be an advanced persistent threat (APT) group and shares similarities with various Chinese hacking crews. The group exploits unpatched web and application servers and deploys open-source tools for reconnaissance and credential harvesting. Its tactics include setting up reverse proxy tunnels and using tools like Mimikatz to extract sensitive information, a sophisticated methodology aimed at sustained access and exploitation.
Threat hunters have uncovered UAT-5918, a new threat actor targeting critical infrastructure in Taiwan, using advanced tactics for long-term information theft since 2023.
This advanced persistent threat group employs web shells and open-source tools to gain persistent access and exploit N-day vulnerabilities in unpatched servers.
UAT-5918 shares tactical overlaps with Chinese hacking crews like Volt Typhoon, utilizing sophisticated tools for credential harvesting and lateral movement within networks.
By leveraging tools such as Mimikatz and BrowserDataLite, UAT-5918 deepens its intrusion, effectively pilfering sensitive login information and gaining control over target environments.
Read at The Hacker News