#unc5221

#brickstorm
from The Register
4 months ago

Suspected Chinese spies broke into 'numerous' enterprises

Unknown intruders - likely China-linked spies - have broken into "numerous" enterprise networks since March and deployed backdoors, providing access for their long-term IP and other sensitive data stealing missions, all the while remaining undetected on average for 393 days, according to Google Threat Intelligence. In a paper published today, the threat hunters attribute these network intrusions to UNC5221 and other related suspected Chinese threat groups. UNC5221 has been abusing zero-days in buggy Ivanti gear since at least 2023.
Information security
from SecurityWeek
5 months ago

CISA Analyzes Malware From Ivanti EPMM Intrusions

Chained authentication-bypass and RCE flaws in Ivanti EPMM enabled unauthenticated remote code execution, allowing attackers to deploy segmented malware for persistence and credential theft.
Node JS
from Techzine Global
10 months ago

Belgian security experts find Chinese espionage malware on Windows

BRICKSTORM malware, linked to UNC5221, targets European industries for espionage while remaining undetected over long periods.