CN

UNC5337UNC5337

Also known as: UNC5337

Origin
CN
Known aliases
1

Profile

UNC5337 is a suspected China-nexus espionage actor that compromised Ivanti Connect Secure VPN appliances as early as Jan. 2024. UNC5337 is suspected to exploit CVE-2023-46805 (authentication bypass) and CVE-2024-21887 (command injection) for infecting Ivanti Connect Secure appliances. UNC5337 leveraged multiple custom malware families including the SPAWNSNAIL passive backdoor, SPAWNMOLE tunneler, SPAWNANT installer, and SPAWNSLOTH log tampering utility. Mandiant suspects with medium confidence that UNC5337 is UNC5221.

Aliases· 1

UNC5337

References

  1. https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
UNC5330
Actor
UNC5325
Actor
UNC5537
Actor
UNC5174
Actor
UNC3569
Actor
UNC5266
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.