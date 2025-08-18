Malware, Threat Intelligence

APT group UAT-7237 targets Taiwan web infrastructure with customized tools

Microsoft is concerned that a new hacking group targeting Taiwan entities had developed “techniques that could be easily reused in other operations outside the region.” (Image Credit: Jeffrey Coolidge)

A Chinese-speaking advanced persistent threat (APT) group, UAT-7237, linked to UAT-5918, has been targeting web infrastructure entities in Taiwan using customized open-source tools to establish long-term access within high-value victim environments, as reported by Cisco Talos experts, with further coverage provided by Security Affairs. UAT-7237, believed to be a subgroup of UAT-5918, employs a customized shellcode loader named "SoundBill" to decode and execute shellcode, including Cobalt Strike, for credential theft and maintaining access.

The group exploits unpatched servers for initial access, conducts reconnaissance using commands like nslookup and systeminfo, and establishes persistence via SoftEther VPN and RDP. It uses tools like JuicyPotato for privilege escalation and Mimikatz for credential harvesting, maintaining a presence through custom and open-source tools.

The activities of UAT-7237 highlight the evolving threat landscape faced by web infrastructure entities, emphasizing the need for robust cybersecurity measures. The use of customized tools and evasion techniques by this APT group underscores the importance of continuous monitoring and patch management to mitigate such threats.

Source: Security Affairs
