UAT-5918

Also known as: UAT-5918

UAT-5918 is an APT group that targets entities in Taiwan, primarily in telecommunications, healthcare, and IT sectors, to establish long-term access for information theft. They exploit N-day vulnerabilities in unpatched web and application servers to gain initial access and utilize web shells, credential harvesting tools like Mimikatz and LaZagne, and red-teaming tools for post-compromise activities. UAT-5918 conducts network reconnaissance to pivot across endpoints, harvesting credentials and sensitive data, including database backups. Their operations show significant overlap with other APT groups in terms of TTPs and targeted industries.

Introduction

UAT-5918 is an APT group that targets entities in Taiwan, primarily in telecommunications, healthcare, and IT sectors, to establish long-term access for information theft. They exploit N-day vulnerabilities in unpatched web and application servers to gain initial access and utilize web shells, credential harvesting tools like Mimikatz and LaZagne, and red-teaming tools for post-compromise activities. UAT-5918 conducts network reconnaissance to pivot across endpoints, harvesting credentials and sensitive data, including database backups. Their operations show significant overlap with other APT groups in terms of TTPs and targeted industries.

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Xploit
  • CrossRat

Attribution and Evidence

Information pending cataloguing.

References

References pending cataloguing.