Chinese Hackers Deploy Stealthy Fileless VShell RAT

A Chinese state-backed hacking group, UNC5174, has relaunched operations after a year of silence, deploying a fileless remote access Trojan (RAT) called VShell. VShell, delivered through a modified version of the Snowlight malware, avoids detection by endpoint security tools by executing directly in memory and disguising itself as a legitimate kernel process. The group, known for targeting Western governments and critical infrastructure, uses WebSockets for encrypted communication and domain squatting to evade detection.
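A defender-side check for the two evasion traits described above (in-memory execution and a kernel-process disguise), as an added example that is not from the original article or from any vendor tooling. It assumes a Linux host with `/proc`, and that in-memory execution shows up as an `exe` link pointing at a memfd or deleted file; the function names and sample records are hypothetical.

```python
import os
import re

PF_KTHREAD = 0x00200000  # flag bit in field 9 of /proc/<pid>/stat, set only on real kernel threads
KTHREAD_NAME = re.compile(r"^\[?(kworker|ksoftirqd|kthreadd|migration|rcu_\w+)\b")

def read_proc(pid, root="/proc"):
    """Collect what the checks need for one PID; None if the process has gone."""
    base = os.path.join(root, str(pid))
    try:
        with open(os.path.join(base, "stat")) as f:
            stat = f.read()
        with open(os.path.join(base, "cmdline"), "rb") as f:
            cmdline = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
    except OSError:
        return None
    comm = stat[stat.index("(") + 1:stat.rindex(")")]  # comm may contain spaces or ')'
    rest = stat[stat.rindex(")") + 2:].split()         # rest[0] is field 3 (state)
    try:
        exe = os.readlink(os.path.join(base, "exe"))
    except OSError:
        exe = None  # kernel threads have no exe; also the result without enough privilege
    return {"pid": int(pid), "comm": comm, "flags": int(rest[6]), "cmdline": cmdline, "exe": exe}

def findings(p):
    """Reasons a process record looks like in-memory code posing as a kernel thread."""
    out = []
    shown = p["cmdline"].split(" ")[0] or p["comm"]  # roughly what ps/top display
    if KTHREAD_NAME.match(shown) and not p["flags"] & PF_KTHREAD:
        out.append("kernel-thread name on a user-space process")
    # A lead, not a verdict: a binary replaced by a package upgrade also shows "(deleted)".
    if p["exe"] and (p["exe"].startswith("/memfd:") or p["exe"].endswith(" (deleted)")):
        out.append("executable has no file on disk: " + p["exe"])
    return out

def scan(procs):
    return {p["pid"]: f for p in procs if p and (f := findings(p))}

# Constructed sample records (not taken from a real host or from the campaign).
SAMPLES = [
    {"pid": 37, "comm": "kworker/0:2", "flags": 0x04208060, "cmdline": "", "exe": None},
    {"pid": 4121, "comm": "kworker/0:2", "flags": 0x00400040, "cmdline": "[kworker/0:2]", "exe": "/memfd:a (deleted)"},
    {"pid": 812, "comm": "sshd", "flags": 0x00400100, "cmdline": "/usr/sbin/sshd -D", "exe": "/usr/sbin/sshd"},
]

if __name__ == "__main__":
    live = [read_proc(d) for d in os.listdir("/proc") if d.isdigit()]
    for pid, why in scan(live).items():
        print(pid, "; ".join(why))
```

Run as root so the `exe` links of other users' processes can be read; without that, only the name check applies to them.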
