
Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools

Threat Score: 80
The Hacker News
2 hours ago
Part of cluster #1990

Overview

A Chinese-speaking advanced persistent threat (APT) actor has been observed targeting web infrastructure entities in Taiwan using customized versions of open-sourced tools with an aim to establish long-term access within high-value victim environments. The activity has been attributed by Cisco Talos to an activity cluster it tracks as UAT-7237, which is believed to be active since at least 2022. The hacking group is assessed to be a sub-group of UAT-5918, which is known to be attacking critical in...

Related Articles

5 articles
1

US and Five Global Partners Release First Unified OT Security Taxonomy

Infosecurity Magazine • 6 hours ago

Germany, the Netherlands and four of the Five Eyes countries a common asset inventory for industrial cybersecurity

Score: 85
2
Stop Reacting; Start Anticipating: The Global State of Threat Intelligence

Brighttalk • 4 hours ago

Presented by Jitin Shabadu, Forrester Analyst | Jayce Nichols, Director, Intelligence Solutions, Google Threat Intelligence Group

Score: 83
3
Colt Telecom attack claimed by WarLock ransomware, data up for sale

BleepingComputer • 3 hours ago

By Bill Toulas, August 15, 2025, 11:25 AM. UK-based telecommunications company Colt Technology Services is dealing with a cyberattack that has caused a multi-day outage of some of the company's operations, including hosting and porting services, Colt Online, and Voice API platforms. The British telecommunications and network services provider disclosed that the attack started on August 12 and the disruption continues as its IT staff

Score: 83
4

Cisco Patches Critical Vulnerability in Firewall Management Platform

SecurityWeek • 11 hours ago

Cisco has released over 20 advisories as part of its August 2025 bundled publication for ASA, FMC and FTD products.

Score: 83
5

Cisco Discloses Critical RCE Flaw in Firewall Management Software

Infosecurity Magazine • 8 hours ago

Cisco has issued a software update to address the vulnerability, which can allow an unauthenticated, remote attacker to inject arbitrary shell commands

Score: 82

Article Intelligence

Key entities and indicators for this article

ATTACK TYPES
APT Exploitation
Advanced Persistent Threat
Privilege Escalation
Rootkit
Web Infrastructure Attack
COUNTRIES
China
Taiwan
VULNERABILITIES
Privilege Escalation
COMPANIES
Cisco
Cisco Talos
PLATFORMS
Windows
APT GROUPS
Cobalt
Flax Typhoon
Gelsemium
UAT-5918
UAT-7237
RANSOMWARE
Desktop
core
MITRE ATT&CK
Rootkit
T1046
T1053
T1059.001
T1071.001
MALWARE
Cobalt Strike
JuicyPotato
Leverage
MimiKatz
Pay2Key
INDUSTRIES
Cybersecurity
Web Hosting
ARTICLE INFORMATION
Article #11984
Published 2 hours ago
The Hacker News
