UNC4540

Also known as: UNC4540

Origin: CN
Known aliases: 1

Profile

UNC4540 is a suspected Chinese threat actor targeting unpatched SonicWall Secure Mobile Access appliances to deploy custom malware that establishes long-term persistence for cyber espionage. The malware is designed to steal hashed credentials, provide shell access, and persist through firmware upgrades, utilizing a variant of the TinyShell backdoor. Mandiant has tracked UNC4540's activities back to 2021, noting their focus on maintaining access to compromised devices. The group's tactics are consistent with patterns observed in other Chinese threat actor campaigns targeting network devices for zero-day exploits.

Aliases· 1

UNC4540

References

  1. https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

- Actor: UNC4841
- Actor: UNC4191
- Actor: UNC6148
- Actor: UNC2659
- Actor: UNC2630
- Actor: UNC5820

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.