Anup Ghosh

Chinese Group Sold Access to US & UK Networks by Exploiting F5 & ScreenConnect Vulnerabilities




The Download

Google's Mandiant division assesses with moderate confidence that the Chinese group UNC5174, which also goes by Uteus, is selling access to US defense and UK government entities. UNC5174 is believed to be a contracted arm of the Chinese Ministry of State Security (MSS) and is selling initial access into high-value target networks.


The vulnerabilities believed to be exploited by UNC5174 are CVE-2023-46747 (9.8/10) in the F5 BIG-IP Traffic Management User Interface and CVE-2024-1709 (10/10), a ConnectWise ScreenConnect vulnerability. Mandiant notes that the ScreenConnect vulnerability has been exploited in hundreds of organizations in the US and Canada.


A vulnerability on its own represents only the potential for high-severity exploitation. The Mandiant report states that UNC5174 is not only actively exploiting these high-severity vulnerabilities but also selling access to US & UK networks, which is highly concerning.


What You Can Do

The most important thing is to ensure you are continuously monitoring for these and other critical vulnerabilities that are being actively exploited. The Identify category in the NIST CSF 2.0 release requires that you understand your assets and their security posture, and then remediate or mitigate as needed.


To Learn More:


