Cloud Threat Landscape

Incidents
Actors
Techniques
Defenses
Tools
Targeted Technologies
Posters & Newspapers
About
RSS
STIX
Back to wiz.io

Cloud Threat Landscape

UNC5174 ScreenConnect and F5 BIG-IP exploitation

Type

Campaign

Actors

Pub. date

March 22, 2024

Initial access

1-day vulnerability

Impact

Data exfiltration

Observed techniques

Vulnerability exploitation

Observed tools

SUPERSHELL SNOWLIGHT GOHEAVY

Targeted technologies

ConnectWise ScreenConnect F5 BIG IP Confluence Server

References

https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect

Status

Finalized

Last edited

Jun 2, 2024 12:00 PM

Made with 💙 by Wiz

Last Updated: April 3, 2025