UAT-5918 APT group targets critical Taiwan

Cisco Talos discovered UAT-5918, an info-stealing threat actor active since 2023, targeting Taiwan’s telecom, healthcare, IT, and critical infrastructure sectors. The group exploits vulnerabilities in unpatched servers, deploying web shells and open-source tools for persistence and credential theft. UAT-5918’s tooling and tactics overlap with multiple Chinese APT groups, suggesting a possible link to China.
