MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

[threat-actors] Add UNC5174

pull/953/head
Mathieu4141 2024-03-27 05:09:24 -07:00
parent 541eb4a4a9
commit 22bea56895
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
clusters/threat-actor.json
View File

@ -15496,6 +15496,20 @@
},
"uuid": "d9709373-7a3a-4905-8c90-ba74237e77ea",
"value": "Saad Tycoon"
},
{
"description": "UNC5174, a Chinese state-sponsored threat actor, has been identified by Mandiant for exploiting critical vulnerabilities in F5 BIG-IP and ScreenConnect. They have been linked to targeting research and education institutions, businesses, charities, NGOs, and government organizations in Southeast Asia, the U.S., and the UK. UNC5174 is believed to have connections to China's Ministry of State Security and has been observed using custom tooling and the SUPERSHELL framework in their operations. The actor has shown indications of transitioning from hacktivist collectives to working as a contractor for Chinese intelligence agencies.",
"meta": {
"refs": [
"https://rhisac.org/threat-intelligence/f5-big-ip-and-screenconnect-cves/",
"https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect"
],
"synonyms": [
"Uteus"
]
},
"uuid": "0b158297-ee47-48ef-9346-0cb0f9cb348a",
"value": "UNC5174"
}
],
"version": 305