Web Infrastructure | Breaking Cybersecurity News | The Hacker News

A Chinese-speaking advanced persistent threat (APT) actor has been observed targeting web infrastructure entities in Taiwan using customized versions of open-sourced tools with an aim to establish long-term access within high-value victim environments. The activity has been attributed by Cisco Talos to an activity cluster it tracks as UAT-7237 , which is believed to be active since at least 2022. The hacking group is assessed to be a sub-group of UAT-5918 , which is known to be attacking critical infrastructure entities in Taiwan as far back as 2023. "UAT-7237 conducted a recent intrusion targeting web infrastructure entities within Taiwan and relies heavily on the use of open-sourced tooling, customized to a certain degree, likely to evade detection and conduct malicious activities within the compromised enterprise," Talos said . The attacks are characterized by the use of a bespoke shellcode loader dubbed SoundBill that's designed to decode and launch secondary pay...