Widely attributedUnknownUNC5174
Chinese state-sponsored threat actor, also tracked as Uteus/Uetus. Assessed as a contractor for China's Ministry of State Security (MSS) focused on initial access operations. Former member of Chinese hacktivist collectives Dawn Calvary and Genesis Day.
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 Low2.2
Low signal strength
Mentions3
Sources1
High conf.2
Last seenMay 2026
First observed
—
Last active
—
Origin
China
Aliases
3
Techniques
0
Campaigns
0
China
TargetsGovernmentResearchEducation
RegionsGlobal
Attribution signals
3 mentions · 1 source#1归属于high
Malware
wechat-qax-ti
May 2026
"SNOWLIGHT最早由Mandiant于2024年初披露,归属于UNC5174"
#2明确的定性high
MalwareTTP match
wechat-qax-ti
May 2026
"直到2025年发布《Operation(润)RUN》对UNC5174进行了明确的定性"
Campaign: Operation(润)RUN
#3reportedlymoderate
Malware
jpcert-blog
May 2026
"a SNOWLIGHT downloader reportedly used by UNC5174"
Hedge terms observed
reportedly归属于明确的定性