UNC5174UNC5174

Also known as: Uteus · UNC5174

Known aliases
2

Profile

UNC5174, a Chinese state-sponsored threat actor, has been identified by Mandiant for exploiting critical vulnerabilities in F5 BIG-IP and ScreenConnect. They have been linked to targeting research and education institutions, businesses, charities, NGOs, and government organizations in Southeast Asia, the U.S., and the UK. UNC5174 is believed to have connections to China's Ministry of State Security and has been observed using custom tooling and the SUPERSHELL framework in their operations. The actor has shown indications of transitioning from hacktivist collectives to working as a contractor for Chinese intelligence agencies.

Aliases· 2

UteusUNC5174

References

  1. https://rhisac.org/threat-intelligence/f5-big-ip-and-screenconnect-cves/
  2. https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
UNC5337
Actor
UNC5330
Actor
UNC5325
Actor
UNC5820
Actor
UNC5266
Actor
UNC215
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.