Summary: A new advanced persistent threat (APT) group, tracked as UAT-5918, has been targeting critical infrastructure and other sectors in Taiwan since at least 2023. The group seeks long-term access for information theft: it gains entry by exploiting known (N-day) security flaws in unpatched, internet-facing systems, then relies on web shells and open-source tooling for persistence and lateral movement. Researchers note tactical overlaps with other Chinese hacking groups and describe a systematic approach to credential harvesting and data theft.
Affected: Critical infrastructure entities in Taiwan, as well as sectors including information technology, telecommunications, academia, and healthcare.
Key points:
- UAT-5918 is a threat actor focused on establishing long-term access for information theft.
- They gain initial access by exploiting N-day vulnerabilities (publicly known flaws with patches available) in unpatched web and application servers.
- Their toolset includes Fast Reverse Proxy (FRP) and Neo-reGeorg for tunnelling and proxying into the victim network, and Mimikatz and BrowserDataLite for harvesting credentials from memory and browsers, supporting systematic data theft.
- They deploy web shells across compromised hosts to maintain multiple independent access points within victim organizations.
- Post-compromise activity appears largely manual (hands-on-keyboard) and is aimed primarily at information theft.
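The tradecraft above (web shells on exposed servers used as persistent, repeatedly driven access points) is something defenders can hunt for with generic heuristics even without actor-specific indicators. The following script is an added example written for this page; it is not code from the article or from the researchers, and the access-log lines, file contents and thresholds are constructed for illustration rather than taken from any published UAT-5918 indicator. It flags (a) client/script pairs with repeated referer-less POSTs to a server-side script in an Apache/IIS-style access log, which is how tool-driven web-shell use typically looks, and (b) script files in a webroot snapshot that combine user-controlled input with a code or command sink, which separates eval-style shells from ordinary form handlers.

```python
"""Generic web-shell hunting heuristics (added example, not from the source article).

Two checks:
  1. find_webshell_candidates(): repeated referer-less POSTs to one script file from one client.
  2. scan_webroot(): script files where request input reaches a code/command sink.
All sample data below is constructed for illustration; none of it is a published IoC.
"""
import re
from collections import Counter

# Apache/IIS "combined" style access-log line (constructed data, not real telemetry).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Server-side script extensions a web shell would need to execute.
SCRIPT_EXT = re.compile(r"\.(php\d?|aspx?|ashx|asmx|jspx?|cfm)$", re.IGNORECASE)

# User-controlled input sources (ASP.NET, PHP, Java) and dangerous sinks.
INPUT_RE = re.compile(
    r"Request(\.Item|\.Form|\.QueryString|\[)|\$_(POST|GET|REQUEST|COOKIE)|getParameter\(",
    re.IGNORECASE,
)
SINK_RE = re.compile(
    r"\beval\s*\(|\bExecute\s*\(|\bsystem\s*\(|\bpassthru\s*\(|\bshell_exec\s*\(|"
    r"\bexec\s*\(|\bassert\s*\(|Process\.Start|Runtime\.getRuntime\(\)\.exec",
    re.IGNORECASE,
)

# Constructed sample log: normal browsing, a tool hammering one uploaded .aspx, a normal login.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2025:09:12:01 +0800] "GET /index.php HTTP/1.1" 200 5120 "https://www.example.com/" "Mozilla/5.0"
10.0.0.5 - - [10/Mar/2025:09:12:03 +0800] "GET /images/logo.png HTTP/1.1" 200 2048 "https://www.example.com/index.php" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2025:09:15:10 +0800] "POST /uploads/img_2025.aspx HTTP/1.1" 200 312 "-" "python-requests/2.31"
198.51.100.7 - - [10/Mar/2025:09:15:11 +0800] "POST /uploads/img_2025.aspx HTTP/1.1" 200 4096 "-" "python-requests/2.31"
198.51.100.7 - - [10/Mar/2025:09:15:12 +0800] "POST /uploads/img_2025.aspx HTTP/1.1" 200 4096 "-" "python-requests/2.31"
198.51.100.7 - - [10/Mar/2025:09:15:13 +0800] "POST /uploads/img_2025.aspx HTTP/1.1" 200 4096 "-" "python-requests/2.31"
198.51.100.7 - - [10/Mar/2025:09:15:14 +0800] "POST /uploads/img_2025.aspx HTTP/1.1" 200 4096 "-" "python-requests/2.31"
203.0.113.9 - - [10/Mar/2025:09:20:00 +0800] "POST /login.aspx HTTP/1.1" 302 0 "https://www.example.com/login.aspx" "Mozilla/5.0"
"""

# Constructed webroot snapshot: path -> source text (in practice, read from disk).
SAMPLE_WEBROOT = {
    "/var/www/html/index.php": "<?php echo htmlspecialchars($_GET['q'] ?? ''); ?>",
    "/var/www/html/uploads/img_2025.aspx": '<%@ Page Language="Jscript"%><%eval(Request.Item["pass"],"unsafe");%>',
    "/var/www/html/uploads/cache.php": "<?php @eval($_POST['cmd']); ?>",
    "/var/www/html/uploads/photo.jpg": "\xff\xd8\xff\xe0 binary image data",
}


def parse_access_log(text):
    """Return a list of dicts for every line that matches the combined-log format."""
    return [m.groupdict() for m in (LOG_RE.match(l) for l in text.splitlines()) if m]


def find_webshell_candidates(text, min_posts=3):
    """Flag (client, script) pairs with at least `min_posts` referer-less POSTs.

    Interactive shell use is many POSTs to a single script file, driven by a tool
    rather than browser navigation (hence no Referer), usually from one source IP.
    """
    counts, agents = Counter(), {}
    for e in parse_access_log(text):
        path = e["path"].split("?", 1)[0]
        if e["method"] != "POST" or not SCRIPT_EXT.search(path):
            continue
        if e["referer"] not in ("-", ""):
            continue  # browser-driven form posts carry a Referer; skip them
        key = (e["ip"], path)
        counts[key] += 1
        agents.setdefault(key, set()).add(e["ua"])
    return [
        {"client": ip, "path": path, "posts": n, "user_agents": sorted(agents[(ip, path)])}
        for (ip, path), n in counts.most_common()
        if n >= min_posts
    ]


def scan_webroot(files):
    """Return script paths where request input AND a code/command sink both appear.

    Requiring both keeps ordinary handlers (which read input but never eval/exec it)
    out of the results; a one-line eval shell trips both patterns.
    """
    return sorted(
        path for path, src in files.items()
        if SCRIPT_EXT.search(path) and INPUT_RE.search(src) and SINK_RE.search(src)
    )


if __name__ == "__main__":
    for c in find_webshell_candidates(SAMPLE_LOG):
        print(f"[log] {c['client']} -> {c['path']} ({c['posts']} POSTs, UA {c['user_agents']})")
    for p in scan_webroot(SAMPLE_WEBROOT):
        print(f"[file] suspicious script: {p}")
```

Both checks are noisy on their own (API endpoints receive referer-less POSTs from legitimate clients; some admin scripts legitimately call exec), so in practice correlate them: a script file that is both newly written under an upload or temp directory and the target of repeated tool-driven POSTs is a strong candidate, and the next step is to pull that file and the process-creation telemetry from the web server worker around those timestamps.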
Source: https://thehackernews.com/2025/03/uat-5918-targets-taiwans-critical.html