#unc5221

#brickstorm
from The Register
1 week ago

Suspected Chinese spies broke into 'numerous' enterprises

Unknown intruders - likely China-linked spies - have broken into "numerous" enterprise networks since March and deployed backdoors, providing access for their long-term IP and other sensitive data stealing missions, all the while remaining undetected on average for 393 days, according to Google Threat Intelligence. In a paper published today, the threat hunters attribute these network intrusions to UNC5221 and other related suspected Chinese threat groups. UNC5221 has been abusing zero-days in buggy Ivanti gear since at least 2023.
Information security
from SecurityWeek
1 week ago

CISA Analyzes Malware From Ivanti EPMM Intrusions

Chained authentication-bypass and RCE flaws in Ivanti EPMM enabled unauthenticated remote code execution, allowing attackers to deploy segmented malware for persistence and credential theft.
Node JS
from Techzine Global
5 months ago

Belgian security experts find Chinese espionage malware on Windows

BRICKSTORM malware, linked to UNC5221, targets European industries for espionage while remaining undetected over long periods.