SHADOW-EARTH-053 Exploits Microsoft Exchange Vulnerabilities in Asia
ID: 54c3421b-3303-5ae6-919d-155d4b0d9ce5
STIX ID: report--54c3421b-3303-5ae6-919d-155d4b0d9ce5
Feed Name: ThreatCluster
SHADOW-EARTH-053, a China-aligned threat actor, has been actively exploiting unpatched Microsoft Exchange and IIS ProxyLogon vulnerabilities to compromise government ministries, defense contractors, and transportation organizations across at least eight Asian countries and one NATO member state. Intrusions involve web shells, ShadowPad via DLL sideloading and registry execution, credential theft (Mimikatz), and registry and scheduled-task persistence. The report urges immediate patching and monitoring.
