A recent report from Cisco Talos exposes a cyber intrusion by a suspected Chinese-government-backed hacking collective, tracked as UAT-7237, into a Taiwanese web hosting provider. The attackers aimed to steal credentials and implant backdoors, enabling persistent and covert access to sensitive infrastructure.
The group has been active since at least 2022, a date Talos derived from forensic analysis of a remote server running SoftEther VPN, which the attackers used to maintain their foothold. The VPN software's configuration showed a preference for Simplified Chinese, one of the indicators pointing to the attackers' origins.
Talos researchers believe UAT-7237 is a subgroup of the broader Chinese APT UAT-5918, which is notorious for targeting Taiwan’s critical infrastructure and overlapping with other Chinese cyber gangs like Volt Typhoon and Flax Typhoon. Despite similarities, Talos distinguishes UAT-7237 by its unique operational tools and strategies.
UAT-7237 predominantly deploys Cobalt Strike as its main backdoor implant, while UAT-5918 leans on Meterpreter-based reverse shells and a greater number of web shel
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents