home.social

#unc5221 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #unc5221, aggregated by home.social.

  1. Google China-linked hackers (#UNC5221) are targeting US SaaS and tech firms using the new BRICKSTORM malware, exploiting zero-day flaws, Mandiant has found.

    Read: hackread.com/china-hackers-hit

    #CyberSecurity #BRICKSTORM #0Day #InfoSec #APT #CyberAttack

  2. #Google warns #China-linked spies lurking in 'numerous' #enterprises
    Since March, Google's #Mandiant #incidentresponse team have responded to these #UNC5221-related break-ins across legal, Software as a Service (SaaS) providers, Business Process Outsourcers (BPOs), and technology companies. They were fount to deploy #backdoors, providing access for their long-term IP and other sensitive data stealing missions, all the while remaining undetected on average for 393 days!
    theregister.com/2025/09/24/goo

  3. 👀 Freshly published analysis of BRICKSTORM backdoor samples, now on Windows, identified in a multi-year espionage campaign attributed to the PRC: nviso.eu/blog/nviso-analyzes-b

    #threatintel #backdoor #unc5221

  4. Mandiant releases part 4 of the Ivanti Connect Secure incident response investigation. They detail different types of post-exploitation activity across their IR engagements. Chinese threat actors have a growing knowledge of Ivanti Connect Secure in abusing appliance-specific functionality to perform actions on objective. They highlight FIVE Chinese threat actors: UNC5221, UNC5266, UNC5330, UNC5337, and UNC5291 abusing a mix of CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. New TTPs, new malware families and new IOC: 🔗 cloud.google.com/blog/topics/t

    EDIT: For your situational awareness, it's my understanding that future Mandiant articles will be located at cloud.google.com/blog/topics/t

    #Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291

  5. Mandiant releases part 4 of the Ivanti Connect Secure incident response investigation. They detail different types of post-exploitation activity across their IR engagements. Chinese threat actors have a growing knowledge of Ivanti Connect Secure in abusing appliance-specific functionality to perform actions on objective. They highlight FIVE Chinese threat actors: UNC5221, UNC5266, UNC5330, UNC5337, and UNC5291 abusing a mix of CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. New TTPs, new malware families and new IOC: 🔗 cloud.google.com/blog/topics/t

    EDIT: For your situational awareness, it's my understanding that future Mandiant articles will be located at cloud.google.com/blog/topics/t

    #Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291

  6. Mandiant releases part 4 of the Ivanti Connect Secure incident response investigation. They detail different types of post-exploitation activity across their IR engagements. Chinese threat actors have a growing knowledge of Ivanti Connect Secure in abusing appliance-specific functionality to perform actions on objective. They highlight FIVE Chinese threat actors: UNC5221, UNC5266, UNC5330, UNC5337, and UNC5291 abusing a mix of CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. New TTPs, new malware families and new IOC: 🔗 cloud.google.com/blog/topics/t

    EDIT: For your situational awareness, it's my understanding that future Mandiant articles will be located at cloud.google.com/blog/topics/t

    #Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291

  7. Mandiant releases part 4 of the Ivanti Connect Secure incident response investigation. They detail different types of post-exploitation activity across their IR engagements. Chinese threat actors have a growing knowledge of Ivanti Connect Secure in abusing appliance-specific functionality to perform actions on objective. They highlight FIVE Chinese threat actors: UNC5221, UNC5266, UNC5330, UNC5337, and UNC5291 abusing a mix of CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. New TTPs, new malware families and new IOC: 🔗 cloud.google.com/blog/topics/t

    EDIT: For your situational awareness, it's my understanding that future Mandiant articles will be located at cloud.google.com/blog/topics/t

    #Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291

  8. Mandiant releases part 4 of the Ivanti Connect Secure incident response investigation. They detail different types of post-exploitation activity across their IR engagements. Chinese threat actors have a growing knowledge of Ivanti Connect Secure in abusing appliance-specific functionality to perform actions on objective. They highlight FIVE Chinese threat actors: UNC5221, UNC5266, UNC5330, UNC5337, and UNC5291 abusing a mix of CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. New TTPs, new malware families and new IOC: 🔗 cloud.google.com/blog/topics/t

    EDIT: For your situational awareness, it's my understanding that future Mandiant articles will be located at cloud.google.com/blog/topics/t

    #Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291