🇨🇳
UTA0178
APT Group
Information theft and espionage
10 zero-day CVEs
ETDA ✓
Also Known As (2)
Red Dev 61
UNC5221
Target Countries (2)
United Kingdom
United States
Details
Origin
🇨🇳 CN
Last Updated
13 Jan 2024
MITRE ATT&CK Techniques (87)
T1001 - Data Obfuscation
T1003 - OS Credential Dumping
T1005 - Data from Local System
T1014 - Rootkit
T1016 - System Network Configuration Discovery
T1021 - Remote Services
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1029 - Scheduled Transfer
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1041 - Exfiltration Over C2 Channel
T1046 - Network Service Scanning
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1055 - Process Injection
T1056 - Input Capture
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.004 - Unix Shell
T1068 - Exploitation for Privilege Escalation
T1070 - Indicator Removal on Host
T1070.002 - Clear Linux or Mac System Logs
T1070.004 - File Deletion
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.004 - DNS
T1078 - Valid Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1090 - Proxy
T1090.003 - Multi-hop Proxy
T1095 - Non-Application Layer Protocol
T1098 - Account Manipulation
T1102 - Web Service
T1105 - Ingress Tool Transfer
T1106 - Native API
T1112 - Modify Registry
T1114 - Email Collection
T1124 - System Time Discovery
T1132 - Data Encoding
T1133 - External Remote Services
T1134 - Access Token Manipulation
T1135 - Network Share Discovery
T1140 - Deobfuscate/Decode Files or Information
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1195 - Supply Chain Compromise
T1199 - Trusted Relationship
T1204.002 - Malicious File
T1205 - Traffic Signaling
T1213 - Data from Information Repositories
T1486 - Data Encrypted for Impact
T1490 - Inhibit System Recovery
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1505 - Server Software Component
T1518 - Software Discovery
T1534 - Internal Spearphishing
T1543 - Create or Modify System Process
T1543.002 - Systemd Service
T1546 - Event Triggered Execution
T1548 - Abuse Elevation Control Mechanism
T1550 - Use Alternate Authentication Material
T1552.001 - Credentials In Files
T1553 - Subvert Trust Controls
T1553.004 - Install Root Certificate
T1556 - Modify Authentication Process
T1560 - Archive Collected Data
T1562 - Impair Defenses
T1562.002 - Disable Windows Event Logging
T1566 - Phishing
T1567 - Exfiltration Over Web Service
T1571 - Non-Standard Port
T1572 - Protocol Tunneling
T1573 - Encrypted Channel
T1574 - Hijack Execution Flow
T1574.006 - Dynamic Linker Hijacking
T1583 - Acquire Infrastructure
T1588 - Obtain Capabilities
T1588.001 - Malware
T1592 - Gather Victim Host Information
T1595 - Active Scanning
T1598 - Phishing for Information
T1600 - Weaken Encryption
T1610 - Deploy Container