Summary: A new campaign attributed to the China-linked threat actor UNC5174 employs a variant of the SNOWLIGHT malware and the VShell tool to breach Linux and macOS systems. The use of open-source tooling provides obfuscation and cost-effectiveness, making attribution challenging. The campaign has been linked to attacks exploiting security flaws in Ivanti appliances, affecting multiple sectors worldwide.
Affected: Organizations globally, particularly those utilizing Ivanti products and Linux/macOS systems.
Keypoints:
- UNC5174 utilizes SNOWLIGHT malware and VShell, an open-source remote access trojan, in its operations.
- The attack chain starts with a bash script to deploy persistent malware and establish communications with a command-and-control server.
- Recent incidents involve exploitation of security vulnerabilities in Ivanti appliances, leading to the deployment of additional malware like SPAWNCHIMERA.
Source: https://thehackernews.com/2025/04/chinese-hackers-target-linux-systems.html