Chinese hackers undertaking global infiltration campaign across 12 countries and 20 industries

teamt5.org
China-nexus APT exploits Ivanti Connect Secure VPN vulnerability to infiltrate multiple entities - TeamT5

Here is also a report.
China-nexus APT exploits Ivanti Connect Secure VPN vulnerability to infiltrate multiple entities, according to cybersecurity firm TeamT5.
- The campaign, active since late March 2025, exploits the CVE-2025-0282 and CVE-2025-22457 vulnerabilities' stack-based buffer overflow flaws, which have maximum CVSS (Common Vulnerability Scoring System) scores of 9.0, to deploy the SPAWNCHIMERA malware suite and establish network access.
- The victim countries include Austria, Australia, France, Spain, Japan, South Korea, Netherlands, Singapore, Taiwan, the United Arab Emirates, the United Kingdom, and the United States.
- Targeted industries include Automotive, Chemical, Conglomerate, Construction, Information Security, Education, Electronics, Financial Institution, Gambling, Government, Intergovernmental Organizations (IGO), Information Technology, Law Firm, Manufacturing, Materials, Media, Non-Governmental Organizations (NGOs), Research Institutes, Telecommunication.
...
Not surprising timing since Trump is disrupting the global economy, meaning already vulnerable megacorps are putting less money into security, and Trump deprioritized cyber crime law enforcement, so the US government won't be running interference.