#unc5221 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #unc5221, aggregated by home.social.
-
Beyond the Battlefield: Threats to the Defense Industrial Base
#UNC3886 #UNC5221 #APT44 #TEMP.Vermin #UNC5125 #UNC5792 #UNC4221 #UNC5976 #UNC5114 #APT45 #APT43 #UNC2970 #UNC1549 #UNC6446 #APT5 #HeavenOfTheSlavs #APT1 #APT40 #VoltTyphoon #UNC6508 #UNC5203 #UNC5318
https://cloud.google.com/blog/topics/threat-intelligence/threats-to-defense-industrial-base -
Beyond the Battlefield: Threats to the Defense Industrial Base
#UNC3886 #UNC5221 #APT44 #TEMP.Vermin #UNC5125 #UNC5792 #UNC4221 #UNC5976 #UNC5114 #APT45 #APT43 #UNC2970 #UNC1549 #UNC6446 #APT5 #HeavenOfTheSlavs #APT1 #APT40 #VoltTyphoon #UNC6508 #UNC5203 #UNC5318
https://cloud.google.com/blog/topics/threat-intelligence/threats-to-defense-industrial-base -
Beyond the Battlefield: Threats to the Defense Industrial Base
#UNC3886 #UNC5221 #APT44 #TEMP.Vermin #UNC5125 #UNC5792 #UNC4221 #UNC5976 #UNC5114 #APT45 #APT43 #UNC2970 #UNC1549 #UNC6446 #APT5 #HeavenOfTheSlavs #APT1 #APT40 #VoltTyphoon #UNC6508 #UNC5203 #UNC5318
https://cloud.google.com/blog/topics/threat-intelligence/threats-to-defense-industrial-base -
Beyond the Battlefield: Threats to the Defense Industrial Base
#UNC3886 #UNC5221 #APT44 #TEMP.Vermin #UNC5125 #UNC5792 #UNC4221 #UNC5976 #UNC5114 #APT45 #APT43 #UNC2970 #UNC1549 #UNC6446 #APT5 #HeavenOfTheSlavs #APT1 #APT40 #VoltTyphoon #UNC6508 #UNC5203 #UNC5318
https://cloud.google.com/blog/topics/threat-intelligence/threats-to-defense-industrial-base -
Beyond the Battlefield: Threats to the Defense Industrial Base
#UNC3886 #UNC5221 #APT44 #TEMP.Vermin #UNC5125 #UNC5792 #UNC4221 #UNC5976 #UNC5114 #APT45 #APT43 #UNC2970 #UNC1549 #UNC6446 #APT5 #HeavenOfTheSlavs #APT1 #APT40 #VoltTyphoon #UNC6508 #UNC5203 #UNC5318
https://cloud.google.com/blog/topics/threat-intelligence/threats-to-defense-industrial-base -
China-Linked Hackers Hit US Tech Firms with BRICKSTORM Malware https://hackread.com/china-hackers-hit-us-tech-firms-brickstorm-malware/ #Cybersecurity #Vulnerability #CyberAttack #BRICKSTORM #Security #Mandiant #Malware #UNC5221 #Google #China #Linux #0day #SaaS
-
Google China-linked hackers (#UNC5221) are targeting US SaaS and tech firms using the new BRICKSTORM malware, exploiting zero-day flaws, Mandiant has found.
Read: https://hackread.com/china-hackers-hit-us-tech-firms-brickstorm-malware/
-
#Google warns #China-linked spies lurking in 'numerous' #enterprises
Since March, Google's #Mandiant #incidentresponse team have responded to these #UNC5221-related break-ins across legal, Software as a Service (SaaS) providers, Business Process Outsourcers (BPOs), and technology companies. They were fount to deploy #backdoors, providing access for their long-term IP and other sensitive data stealing missions, all the while remaining undetected on average for 393 days!
https://www.theregister.com/2025/09/24/google_china_spy_report/ -
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors
#BRICKSTORM #UNC5221
https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign -
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
#CVE_2025_31324 #UNC5221 #UNC5174 #CL_STA_0048 #SNOWLIGHT
https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures -
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
#CVE_2025_31324 #UNC5221 #UNC5174 #CL_STA_0048 #SNOWLIGHT
https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures -
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
#CVE_2025_31324 #UNC5221 #UNC5174 #CL_STA_0048 #SNOWLIGHT
https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures -
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
#CVE_2025_31324 #UNC5221 #UNC5174 #CL_STA_0048 #SNOWLIGHT
https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures -
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
#CVE_2025_31324 #UNC5221 #UNC5174 #CL_STA_0048 #SNOWLIGHT
https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures -
👀 Freshly published analysis of BRICKSTORM backdoor samples, now on Windows, identified in a multi-year espionage campaign attributed to the PRC: https://www.nviso.eu/blog/nviso-analyzes-brickstorm-espionage-backdoor
-
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances – Source: www.securityweek.com https://ciso2ciso.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Malware&Threats #NetworkSecurity #securityweekcom #CVE-2025-22457 #ConnectSecure #PulseConnect #securityweek #Mandiant #UNC5221 #Ivanti
-
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances – Source: www.securityweek.com https://ciso2ciso.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Malware&Threats #NetworkSecurity #securityweekcom #CVE-2025-22457 #ConnectSecure #PulseConnect #securityweek #Mandiant #UNC5221 #Ivanti
-
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances – Source: www.securityweek.com https://ciso2ciso.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Malware&Threats #NetworkSecurity #securityweekcom #CVE-2025-22457 #ConnectSecure #PulseConnect #securityweek #Mandiant #UNC5221 #Ivanti
-
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances – Source: www.securityweek.com https://ciso2ciso.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Malware&Threats #NetworkSecurity #securityweekcom #CVE-2025-22457 #ConnectSecure #PulseConnect #securityweek #Mandiant #UNC5221 #Ivanti
-
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)
#CVE_2025_22457 #UNC5221 #TRAILBLAZE #BRUSHFIRE #SPAWNSNARE #SPAWNWAVE
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability -
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances https://www.securityweek.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/ #Malware&Threats #NetworkSecurity #ConnectSecure #CVE202522457 #PulseConnect #Mandiant #UNC5221 #Ivanti
-
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances https://www.securityweek.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/ #Malware&Threats #NetworkSecurity #ConnectSecure #CVE202522457 #PulseConnect #Mandiant #UNC5221 #Ivanti
-
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances https://www.securityweek.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/ #Malware&Threats #NetworkSecurity #ConnectSecure #CVE202522457 #PulseConnect #Mandiant #UNC5221 #Ivanti
-
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances https://www.securityweek.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/ #Malware&Threats #NetworkSecurity #ConnectSecure #CVE202522457 #PulseConnect #Mandiant #UNC5221 #Ivanti
-
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances https://www.securityweek.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/ #Malware&Threats #NetworkSecurity #ConnectSecure #CVE202522457 #PulseConnect #Mandiant #UNC5221 #Ivanti
-
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances https://www.securityweek.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/ #Malware&Threats #NetworkSecurity #ConnectSecure #CVE202522457 #PulseConnect #Mandiant #UNC5221 #Ivanti
-
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances https://www.securityweek.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/ #Malware&Threats #NetworkSecurity #ConnectSecure #CVE202522457 #PulseConnect #Mandiant #UNC5221 #Ivanti
-
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances https://www.securityweek.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/ #Malware&Threats #NetworkSecurity #ConnectSecure #CVE202522457 #PulseConnect #Mandiant #UNC5221 #Ivanti
-
Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation
#CVE_2025_0282 #CVE_2025_0283 #UNC5337 #UNC5221 #PHASEJAM #SPAWNMOLE
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day/ -
I buried the lede in not mentioning that UNC5291 is assessed with medium confidence to be associated with Volt Typhoon, a Chinese state-sponsored Advanced Persistent Threat (APT). See related The Record reporting: Volt Typhoon and 4 other groups targeting US energy and defense sectors through Ivanti bugs
#Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291
-
I buried the lede in not mentioning that UNC5291 is assessed with medium confidence to be associated with Volt Typhoon, a Chinese state-sponsored Advanced Persistent Threat (APT). See related The Record reporting: Volt Typhoon and 4 other groups targeting US energy and defense sectors through Ivanti bugs
#Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291
-
I buried the lede in not mentioning that UNC5291 is assessed with medium confidence to be associated with Volt Typhoon, a Chinese state-sponsored Advanced Persistent Threat (APT). See related The Record reporting: Volt Typhoon and 4 other groups targeting US energy and defense sectors through Ivanti bugs
#Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291
-
I buried the lede in not mentioning that UNC5291 is assessed with medium confidence to be associated with Volt Typhoon, a Chinese state-sponsored Advanced Persistent Threat (APT). See related The Record reporting: Volt Typhoon and 4 other groups targeting US energy and defense sectors through Ivanti bugs
#Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291
-
I buried the lede in not mentioning that UNC5291 is assessed with medium confidence to be associated with Volt Typhoon, a Chinese state-sponsored Advanced Persistent Threat (APT). See related The Record reporting: Volt Typhoon and 4 other groups targeting US energy and defense sectors through Ivanti bugs
#Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291
-
Mandiant releases part 4 of the Ivanti Connect Secure incident response investigation. They detail different types of post-exploitation activity across their IR engagements. Chinese threat actors have a growing knowledge of Ivanti Connect Secure in abusing appliance-specific functionality to perform actions on objective. They highlight FIVE Chinese threat actors: UNC5221, UNC5266, UNC5330, UNC5337, and UNC5291 abusing a mix of CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. New TTPs, new malware families and new IOC: 🔗 https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
EDIT: For your situational awareness, it's my understanding that future Mandiant articles will be located at https://cloud.google.com/blog/topics/threat-intelligence/
#Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291
-
Mandiant releases part 4 of the Ivanti Connect Secure incident response investigation. They detail different types of post-exploitation activity across their IR engagements. Chinese threat actors have a growing knowledge of Ivanti Connect Secure in abusing appliance-specific functionality to perform actions on objective. They highlight FIVE Chinese threat actors: UNC5221, UNC5266, UNC5330, UNC5337, and UNC5291 abusing a mix of CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. New TTPs, new malware families and new IOC: 🔗 https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
EDIT: For your situational awareness, it's my understanding that future Mandiant articles will be located at https://cloud.google.com/blog/topics/threat-intelligence/
#Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291
-
Mandiant releases part 4 of the Ivanti Connect Secure incident response investigation. They detail different types of post-exploitation activity across their IR engagements. Chinese threat actors have a growing knowledge of Ivanti Connect Secure in abusing appliance-specific functionality to perform actions on objective. They highlight FIVE Chinese threat actors: UNC5221, UNC5266, UNC5330, UNC5337, and UNC5291 abusing a mix of CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. New TTPs, new malware families and new IOC: 🔗 https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
EDIT: For your situational awareness, it's my understanding that future Mandiant articles will be located at https://cloud.google.com/blog/topics/threat-intelligence/
#Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291
-
Mandiant releases part 4 of the Ivanti Connect Secure incident response investigation. They detail different types of post-exploitation activity across their IR engagements. Chinese threat actors have a growing knowledge of Ivanti Connect Secure in abusing appliance-specific functionality to perform actions on objective. They highlight FIVE Chinese threat actors: UNC5221, UNC5266, UNC5330, UNC5337, and UNC5291 abusing a mix of CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. New TTPs, new malware families and new IOC: 🔗 https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
EDIT: For your situational awareness, it's my understanding that future Mandiant articles will be located at https://cloud.google.com/blog/topics/threat-intelligence/
#Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291
-
Mandiant releases part 4 of the Ivanti Connect Secure incident response investigation. They detail different types of post-exploitation activity across their IR engagements. Chinese threat actors have a growing knowledge of Ivanti Connect Secure in abusing appliance-specific functionality to perform actions on objective. They highlight FIVE Chinese threat actors: UNC5221, UNC5266, UNC5330, UNC5337, and UNC5291 abusing a mix of CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. New TTPs, new malware families and new IOC: 🔗 https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
EDIT: For your situational awareness, it's my understanding that future Mandiant articles will be located at https://cloud.google.com/blog/topics/threat-intelligence/
#Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291