Chinese snoops use stealth RAT to backdoor US orgs – still active last week
Summary
A group linked to China’s Ministry of State Security has infected organisations around the world with a stealthy remote access trojan (RAT) said to surpass even the infamous Cobalt Strike in capability. The cyber espionage crew, tracked as UNC5174, carries out its attacks with a mix of custom and open-source malware, including a new in-memory backdoor named VShell. This stealthy approach gives the group prolonged, undetected access to targeted systems, primarily at US-based organisations, with similar intrusions detected in regions such as Hong Kong and Europe.
Key Points
- Chinese spying group UNC5174 utilises advanced RAT techniques to breach global organisations.
- The malware campaign employs a mix of custom solutions and open-source tools, including VShell and SNOWLIGHT.
- VShell is an in-memory backdoor disguised as legitimate software, difficult for traditional antivirus solutions to detect.
- Attackers have been known to impersonate well-known companies through domain squatting for social engineering attacks.
- The group is predicted to continue aiding the Chinese government in future espionage efforts.
Why should I read this?
If you’re concerned about cybersecurity (and who isn’t these days?), this article lays bare the alarming tactics of a state-sponsored hacking group that’s still making waves. It’s a critical reminder of how persistent and well-resourced these attackers are, and it highlights the need for heightened vigilance in protecting organisational infrastructure. Save yourself the hassle of sifting through endless reports; here’s a concise summary that gets straight to the heart of the matter.