China-Linked Hackers Exploit Zero-Day Flaws in Global Cyber Espionage Campaign

April 6, 2024
  • Multiple China-linked threat actors have been exploiting zero-day vulnerabilities in Ivanti appliances.

  • Mandiant identified and is tracking threat clusters named UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, UNC5337, and UNC3886.

  • The actors use custom malware, such as Sliver and the WARPWIRE credential stealer, alongside a new Go-based backdoor named TERRIBLETEA.

  • Targets include vCenter servers and sectors like academia, energy, defense, and health.

  • Their techniques combine zero-day exploits, open-source tools, and custom backdoors to remain undetected over long periods.

  • The activity underscores the persistent risk posed by these groups and the need for improved cybersecurity defenses.

Summary based on 1 source
