A suspected Chinese-government-backed cyber crew recently broke into a Taiwanese web hosting provider to steal credentials and plant backdoors for long-term access, using a mix of open-source and custom software tools, Cisco Talos reports.

Talos tracks the Chinese-speaking advanced persistent threat (APT) group as UAT-7237 and says that it has been active since at least 2022.

The security team estimated the active time period by analyzing a remote server hosting the SoftEther VPN client that UAT-7237 uses for persistent access. The server was created in September 2022 and last used in December 2024. The group also specified Simplified Chinese as the VPN's preferred display language.

Talos believes that this crew is a subgroup of another Chinese APT, UAT-5918, which also targets Taiwan'