Chinese espionage group leans on open-source tools to mask intrusions
A Chinese state-sponsored hacking group has been observed using recently released open-source offensive security tools and other tactics in an effort to blend in with more common cybercriminal activity.
The group, UNC5174, is an espionage-focused actor believed to have ties to the Chinese government. It targets Western governments, technology companies, research institutions and think tanks.
In a new campaign observed by researchers at Sysdig, the group was seen using VShell — an open-source Remote Access Trojan made by a Chinese developer and popular among Chinese cybercriminals — to carry out post-exploitation activity.
Read more at CyberScoop