The China-linked threat actor UNC5174 has launched a new campaign that uses a variant of the SNOWLIGHT malware together with VShell, an open-source tool, to target Linux systems. The approach reflects a broader trend in which threat actors favor open-source tooling because it is cheap, lowers the risk of detection, and makes attribution harder. Recent activity and reporting indicate that UNC5174, which had previously kept a low profile given its association with the Chinese government, has adapted its tradecraft, further complicating assessments of such threats.
Threat actors are increasingly adding open-source tools to their arsenals, both to save money and, as in this case, to blend in plausibly with the pool of non-state-sponsored and often less technical adversaries.
Moderately sophisticated and discreet, this intrusion set is characterized by its reliance on intrusion tools that are largely available as open source and by its already publicly reported use of rootkit code.