UNC5174 ScreenConnect and F5 BIG-IP exploitation

Type

Campaign

Actors

💡UNC5174

Pub. date

March 22, 2024

Initial access

1-day vulnerability

Impact

Data exfiltration

Observed techniques

Vulnerability exploitation

Observed tools

SUPERSHELLSNOWLIGHTGOHEAVY

Targeted technologies

ConnectWise ScreenConnectF5 BIG IPConfluence Server

References

https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect

Status

Finalized

Last edited

Jun 2, 2024 12:00 PM