Tag: state-sponsored

7 Attack Reports | 0 Vulnerabilities

Attack reports

China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)

Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December 3, 2025, Amazon threat intelligence teams observed active exploitation attempts by multiple China state-nexus threat groups, including Earth Lamia and Jackpot Panda. This critical vulnerability in React Server Compone…
exploit
china-nexus
CVE-2025-1338
next.js
earth lamia
CVE-2025-55182
2025-12-05
jackpot panda
state sponsored
react2shell
react server
app router
Published: December 5, 2025
Linked vulnerabilities : CVE-2025-1338 (CVSS 7.3), CVE-2025-55182 (CVSS 10.0)
Downloadable IOCs: 4

What's in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia

A Russia state-sponsored cyber threat actor impersonated the U.S. Department of State to target prominent academics and critics of Russia. The attackers used extensive rapport building and tailored lures to convince targets to set up application specific passwords (ASPs). Once obtained, these ASPs …
phishing
state-sponsored
asp
email compromise
2025-06-18
department of state
Published: June 18, 2025
Downloadable IOCs: 2

Private Contractor Linked to Multiple Chinese State-Sponsored Groups

A recent leak from I-SOON, a Chinese IT and cybersecurity company, has revealed connections to several state-sponsored cyber groups including RedAlpha, RedHotel, and Poison Carp. The leak exposes a sophisticated espionage network involving the theft of communications data for individual tracking. A…
state-sponsored
i-soon
2025-06-13
poison carp
contractor
redhotel
redalpha
Published: June 13, 2025
Downloadable IOCs: 0

APT 41: Threat Intelligence Report and Malware Analysis

APT41, a sophisticated Chinese state-sponsored threat actor, blends cyber espionage with cybercrime tactics. They target various sectors globally, including healthcare, telecom, and government entities. Recently, APT41 was observed using Google Calendar for malware command-and-control on a Taiwanes…
state-sponsored
china
cyberespionage
spear-phishing
google calendar
plusdrop
2025-06-10
plusinject
Published: June 10, 2025
Downloadable IOCs: 10

Campaigns Impersonate the CIA to Target Ukraine Sympathizers, Russian Citizens and Informants

Silent Push Threat Analysts have uncovered a sophisticated phishing campaign targeting individuals sympathetic to Ukraine's defense, Russian citizens, and potential informants. The operation, believed to be orchestrated by Russian Intelligence Services, employs four major phishing clusters imperson…
phishing
impersonation
state-sponsored
russia
ukraine
russian volunteer corps
2025-04-01
hochuzhit
cia
intelligence gathering
legion liberty
Published: April 1, 2025
Downloadable IOCs: 0

China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike

A Chinese state-sponsored threat group, TAG-112, has compromised two Tibetan websites to deliver Cobalt Strike malware. The attackers embedded malicious JavaScript in the sites, spoofing a TLS certificate error to trick visitors into downloading a disguised security certificate. This campaign highl…
state-sponsored
cobalt strike
cyber-espionage
2024-11-13
china-nexus
tibetan websites
joomla vulnerabilities
tls certificate spoofing
evasive panda
tag-102
Published: November 13, 2024
Downloadable IOCs: 19

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

This advisory outlines the activities of an Iran-based cyber threat group that has conducted numerous intrusions against organizations in the United States and other countries since 2017, with the goal of obtaining network access to facilitate ransomware attacks. The group, known by various names s…
ransomware
state-sponsored
credential-theft
blackcat
alphv
CVE-2024-3400
iran
CVE-2024-21887
CVE-2024-24919
noberus
2024-08-28
webshells
CVE-2022-1388
CVE-2023-3519
noescape
ransomhouse
CVE-2019-19781
Published: August 28, 2024
Downloadable IOCs: 33
Click here to see more Attack Reports