Web Hosting Firms in Taiwan Attacked by Chinese APT for Access to High-Value Targets

18/08/2025

Web hosting entities in Taiwan have been in the crosshairs of a Chinese APT looking to establish long-term access to high-value targets, Cisco Talos reports.

Tracked as UAT-7237 and believed to be active since 2022, the threat actor is likely a division of the hacking group that Talos tracks as UAT-5918, which overlaps with Chinese APTs such as Volt Typhoon and Flax Typhoon.

According to Talos, however, UAT-7237’s use of Cobalt Strike, its deployment of web shells on select systems only, and its use of RDP access and of a legitimate VPN client suggest the APT represents a separate cluster of activity under the UAT-5918 umbrella.

During a recent intrusion at a web hosting provider in Taiwan, UAT-7237 was seen exploiting known vulnerabilities in internet-facing servers for initial access, conducting reconnaissance, and deploying the SoftEther VPN software for remote access.

For reconnaissance and lateral movement, the threat actor used a combination of readily available tools and Windows Management Instrumentation (WMI)-based utilities, such as SharpWMI and WMICmd.

Alongside various open source tools, UAT-7237 was observed deploying a custom shellcode loader dubbed SoundBill, which is written in Chinese and contains two executables originating from the Chinese instant messaging software QQ.

SoundBill, Talos says, can load payloads ranging from custom Mimikatz implementations to code leading to arbitrary command execution, or Cobalt Strike payloads for long-term information-stealing access.

UAT-7237 was also seen relying on the privilege escalation tool JuicyPotato for command execution, changing the OS configuration of the compromised systems, enabling storage of cleartext passwords, and using various tools for credential exfiltration.

The threat actor also used network scanning tools such as Fscan and SMB scans to discover other endpoints on the network, and deployed the SoftEther VPN client to maintain access to the compromised systems.

Because the remote server hosting SoftEther VPN was created in September 2022, Talos believes that the APT has been using the remote access software for over two years.

Source: securityweek.com
