A China-backed cyber espionage group identified as 'UNC5174', also known as Uteus, is reportedly utilizing open-source tools to conduct stealthy attacks on Linux and macOS systems. The group employs SNOWLIGHT malware and a fake Cloudflare application known as VShell to breach systems across more than 20 nations, targeting sectors such as government, finance, and defense. Their tactics include the use of fileless payloads and fake authenticator applications to mask their intrusions. The use of open-source tools allows UNC5174 to enhance their stealth capabilities in cyber operations, raising concerns about the effectiveness of current cybersecurity measures against such sophisticated threats.