Tag: china chopper

4 Attack Reports | 0 Vulnerabilities

Attack reports

Exploits Cityworks zero-day vulnerability to deliver malware

Chinese-speaking threat actors, dubbed UAT-6382, have been exploiting a remote-code-execution vulnerability (CVE-2025-0994) in Cityworks, a popular asset management system. The attacks, which began in January 2025, target local governing bodies in the United States, focusing on utilities management…

chinese threat actors

Published: May 22, 2025

Linked vulnerabilities : CVE-2025-0944 (CVSS 6.3)

Downloadable IOCs: 18

Weaver Ant, the Web Shell Whisperer: Tracking a China-Nexus Cyber Operation

Sygnia uncovered a sophisticated China-nexus threat actor, Weaver Ant, targeting a major Asian telecom company. The group employed web shells and tunneling techniques for persistence and lateral movement, maintaining access for over four years. They utilized encrypted China Chopper and custom 'INMe…

lateral movement

inmemory web shell

Published: March 25, 2025

Downloadable IOCs: 1

Tropic Trooper spies on government entities in the Middle East

Tropic Trooper, a Chinese-speaking APT group active since 2011, has expanded its operations to target government entities in the Middle East. The group deployed a new variant of the China Chopper web shell on a compromised Umbraco CMS server, along with other post-exploitation tools and backdoor im…

Published: September 5, 2024

Downloadable IOCs: 7

Chamelgang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware

In collaboration with Recorded Future, SentinelLabs has been tracking two distinct activity clusters targeting government and critical infrastructure sectors globally between 2021 and 2023.

Published: June 26, 2024

Downloadable IOCs: 8

Click here to see more Attack Reports