Initial Access Brokers Exploit F5 BIG-IP And ScreenConnect Vulnerabilities
"UNC5174 a threat actor believed to operate on behalf of the Peoples Republic of China has been observed engaging in cyberattacks using a combination of custom tools and the Supershell framework. These attacks targeted vulnerabilities such as CVE-2023-46747 in F5 BIG-IP Traffic Management User Interface and CVE-2024-1709 in Connectwise ScreenConnect.UNC5174 possibly operating under the persona ""Uteus"" has transitioned from hacktivism to contracting for Chinas Ministry of State Security (MSS). They have been seen attempting to sell access to compromised systems including those belonging to U.S. defense contractors UK government entities and institutions in Asia. In February 2024 UNC5174 exploited CVE-2024-1709 to compromise numerous institutions primarily in the U.S. and Canada utilizing various malicious tools like SnowLight downloader GoHeavy and Supershell."