Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect
released on 2024-03-25 @ 01:13:49 PM
In late October 2023 and February 2024, cybersecurity firm Mandiant reported novel N-day exploitation of vulnerabilities (CVE-2023-46747 and CVE-2024-1709) in the F5 BIG-IP Traffic Management User Interface and ConnectWise ScreenConnect, respectively. This exploitation was linked with moderate confidence to UNC5174, a China-based threat actor believed to be a contractor for China's Ministry of State Security. UNC5174, using custom tooling and the SUPERSHELL framework, has reportedly attempted to sell access to US defense contractor appliances, UK government entities, and Asian institutions, and has compromised hundreds of institutions, primarily in the US and Canada.