home.social

#unc5174 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #unc5174, aggregated by home.social.

  1. Podniesienie uprawnień w VMware – grupa UNC5174 powiązana z Chinami wykorzystuje lukę CVE-2025-41244

    29 września 2025 r. Broadcom poinformował o luce bezpieczeństwa CVE-2025-41244 w oprogramowaniu VMware Tools i VMware Aria, umożliwiającej lokalną eskalację uprawnień. Zgodnie z opinią badaczy z NVISO, luka była aktywnie wykorzystywana jako zero-day od co najmniej października 2024 roku. Za atakami stała grupa UNC5174 utożsamiana przez analityków z chińskim aparatem...

    #WBiegu #Chiny #Lpe #Unc5174 #Vmware #VmwareTools

    sekurak.pl/podniesienie-uprawn

  2. Chinese spy crew appears to be preparing for conflict by backdooring 75+ critical orgs
    #SentinelOne discovered the campaign when they tried to hit the #security vendor's own servers
    In their report, they describe a series of intrusions between July 2024 and March 2025 involving #ShadowPad #malware and post-exploitation espionage activity that SentinelOne has dubbed "#PurpleHaze", publicly reported as #APT15 and #UNC5174, And they're blaming #China.
    theregister.com/2025/06/09/chi

  3. Chinese spy crew appears to be preparing for conflict by backdooring 75+ critical orgs
    #SentinelOne discovered the campaign when they tried to hit the #security vendor's own servers
    In their report, they describe a series of intrusions between July 2024 and March 2025 involving #ShadowPad #malware and post-exploitation espionage activity that SentinelOne has dubbed "#PurpleHaze", publicly reported as #APT15 and #UNC5174, And they're blaming #China.
    theregister.com/2025/06/09/chi

  4. Chinese spy crew appears to be preparing for conflict by backdooring 75+ critical orgs
    discovered the campaign when they tried to hit the vendor's own servers
    In their report, they describe a series of intrusions between July 2024 and March 2025 involving and post-exploitation espionage activity that SentinelOne has dubbed "", publicly reported as and , And they're blaming .
    theregister.com/2025/06/09/chi

  5. Chinese spy crew appears to be preparing for conflict by backdooring 75+ critical orgs
    #SentinelOne discovered the campaign when they tried to hit the #security vendor's own servers
    In their report, they describe a series of intrusions between July 2024 and March 2025 involving #ShadowPad #malware and post-exploitation espionage activity that SentinelOne has dubbed "#PurpleHaze", publicly reported as #APT15 and #UNC5174, And they're blaming #China.
    theregister.com/2025/06/09/chi

  6. Chinese spy crew appears to be preparing for conflict by backdooring 75+ critical orgs
    #SentinelOne discovered the campaign when they tried to hit the #security vendor's own servers
    In their report, they describe a series of intrusions between July 2024 and March 2025 involving #ShadowPad #malware and post-exploitation espionage activity that SentinelOne has dubbed "#PurpleHaze", publicly reported as #APT15 and #UNC5174, And they're blaming #China.
    theregister.com/2025/06/09/chi

  7. UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell
    #UNC5174
    sysdig.com/blog/unc5174-chines

  8. Mandiant reported on the N-day exploitation of CVE-2023-46747 (9.8 critical, disclosed 26 October 2023 by F5, added to CISA KEV on 31 October 2023) unauthenticated RCE and ConnectWise CVE-2024-1709 (10.0 critical, disclosed 19 February 2024 by ConnectWise as exploited zero-day, in KEV) by the Chinese threat actor UNC5174, who they assess to be acting as a contractor for China's Ministry of State Security (MSS). Mandiant provides timeline and evidence of exploitation, post-exploitation tactics, custom malware and tooling. IOC and detection rules provided. 🔗 mandiant.com/resources/blog/in

    #UNC5174 #China #cyberespionage #threatintel #IOC #MSS #CVE_2023_46747 #CVE_2024_1709 #F5 #ConnectWise #ScreenConnect #eitw #activeexploitation #KEV