Chinese state-sponsored threat actor UNC5174, also known as Uteus or Uetus, has leveraged initial access to Linux systems to distribute a nefarious bash script carrying payloads associated with the SNOWLIGHT malware and the Sliver implant, according to an analysis from Sysdig. SNOWLIGHT then deploys the VShell remote access trojan, which allows arbitrary command execution and file uploads or downloads, said Sysdig researchers. Another report from Taiwanese cybersecurity firm TeamT5 revealed that organizations in various industries across almost 20 countries, including the U.S., have been compromised with the SPAWNCHIMERA malware by a China-linked hacking operation in attacks involving Ivanti Connect Secure VPN flaws, tracked as CVE-2025-0282 and CVE-2025-22457. Such findings come as China alleged that the U.S. National Security Agency had targeted Huawei and other critical information infrastructure organizations during February's Asian Winter Games.
Chinese hackers set sights on Linux systems, Ivanti appliances
Vulnerable Linux and Ivanti Connect Secure VPN devices have been targeted in separate Chinese malware attack campaigns, reports The Hacker News.
