Chinese Threat Group UNC5174 Caught Using New Tools In Ongoing Cyber Campaign
Chinese state-sponsored hacking group UNC5174 has launched a new cyber campaign using a variant of its SNOWLIGHT malware and the open-source VShell Remote Access Trojan. The group, believed to be contractors for the Chinese government, targets research institutions, government agencies, and tech companies, using stealthy techniques such as WebSockets and memory-only payloads. Sysdig researchers discovered the campaign in late January 2025 and warn that it is still active, with new malicious domains emerging.