Chinese Cyberspy Masterclass: UNC5174’s Sneaky RAT Outsmarts Cobalt Strike
Chinese snoops have unleashed the VShell backdoor, a stealthier and “even better” Cobalt Strike alternative, to infiltrate global organizations. This malware, reportedly with ties to China’s Ministry of State Security, enables high-level espionage and access resale campaigns. UNC5174, the culprit, prefers Linux systems and regularly updates its digital disguises.

Hot Take:
It seems like the World Wide Web just got a new villain in its rogues’ gallery! UNC5174 is here, and they’re bringing a rat to a trojan party. Move over, Cobalt Strike—there’s a new backdoor in town, and it’s stealthier than a ninja in a blackout. The world’s organizations might want to watch their digital backs because this cyberspy crew is dropping malware like they’re Oprah giving away cars. “You get a RAT! You get a RAT! Everybody gets a RAT!”

Key Points:
- UNC5174 is tied to China’s Ministry of State Security and uses a RAT that’s “better” than Cobalt Strike.
- They employ a mix of custom and open-source malware, including SNOWLIGHT and VShell.
- VShell is fileless, making it hard to detect, and can operate across macOS, Windows, and Linux.
- The group has been targeting US-based organizations and spoofing well-known companies.
- UNC5174 is likely to continue providing occasional support to the Chinese government.