Chinese Cybercrime Infrastructure Detected: Automated Exploitation & Harvesting Infrastructure
ID: c743d406-686f-5a66-99fc-fd6a6f189d4a
STIX ID: report--c743d406-686f-5a66-99fc-fd6a6f189d4a
Feed Name: SOCRadar Blog
This SOCRadar report details a large-scale, organized Chinese cybercrime operation that automates the discovery and exploitation of vulnerable web services and harvests credentials and secrets (AI API keys, Stripe keys, database credentials) from the compromised hosts. The operation runs on a workflow-driven orchestration backend ('paperclip' / OpenClaw), deploys persistent backdoors and fileless C2, and monetizes the stolen data via crypto-tracking and Stripe validation. The report presents evidence of active exploitation, figures on operational scale (tens of thousands of exploitation attempts, thousands of deployed backdoors), and multiple IOCs.
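The secrets the report says this operation harvests (Stripe secret keys, AI API keys, database connection strings) are exactly what a defender should be scanning their own web-exposed paths for before an automated harvester does. The following is an added example, not code from the SOCRadar report or from the operation it describes: a small scanner run over a constructed sample of exposed `.env`-style content. The regexes are my assumptions, built on the vendors' public key prefixes (Stripe secret keys begin with `sk_live_`/`sk_test_`, OpenAI- and Anthropic-style keys begin with `sk-`); the sample values are fabricated and are not real credentials. Stripe publishable keys (`pk_live_`) are deliberately not flagged, since they are meant to be public.

```python
import re
from dataclasses import dataclass

# Constructed sample: the kind of text an attacker pulls from an exposed .env,
# a debug page or a leaked config. None of these values are real credentials.
SAMPLE_EXPOSED_CONTENT = """
APP_ENV=production
STRIPE_SECRET_KEY=sk_live_4eC39HqLyjWDarjtT1zdp7dcXXXXXXXX
STRIPE_PUBLISHABLE_KEY=pk_live_TYooMQauvdEDq54NiTphI7jxXXXXXXXX
OPENAI_API_KEY=sk-proj-ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghij
DATABASE_URL=postgres://app_user:Sup3rS3cret@db.internal:5432/prod
MYSQL_DSN=mysql://root:toor@10.0.0.5/shop
SESSION_TTL=3600
"""

# Detection patterns (assumption: based on the vendors' documented prefixes;
# minimum lengths are a heuristic to cut false positives and can be tuned).
SECRET_PATTERNS = [
    # Stripe secret / restricted keys. Publishable keys (pk_*) are public by design.
    ("stripe_secret_key",
     re.compile(r"\b(?:sk|rk)_(?:live|test)_[0-9a-zA-Z]{16,}\b")),
    # OpenAI-style (sk-..., sk-proj-...) and Anthropic-style (sk-ant-...) keys
    # share the sk- prefix; the hyphen distinguishes them from Stripe's sk_.
    ("ai_api_key",
     re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b")),
    # Database URIs that embed a password: scheme://user:password@host
    ("db_connection_string",
     re.compile(r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis)://"
                r"[^\s:/@]+:[^\s@]+@[^\s/]+", re.I)),
]


@dataclass
class Finding:
    kind: str
    line_no: int
    redacted: str  # never log the raw secret; keep just enough to triage


def redact(kind: str, secret: str) -> str:
    """Mask the sensitive part so findings can be logged or ticketed safely."""
    if kind == "db_connection_string":
        # Keep scheme, user and host; replace only the password.
        return re.sub(r"(://[^\s:/@]+:)[^\s@]+@", r"\1***@", secret)
    return secret[:8] + "..." + secret[-4:]


def scan_text(text: str) -> list[Finding]:
    """Scan a response body / file body line by line and return redacted findings."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS:
            for match in pattern.finditer(line):
                findings.append(Finding(kind, line_no, redact(kind, match.group(0))))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per secret type, e.g. for an alert payload."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = scan_text(SAMPLE_EXPOSED_CONTENT)
    for f in results:
        print(f"line {f.line_no}: {f.kind} -> {f.redacted}")
    print(summarize(results))
```

In practice you would feed `scan_text` the bodies fetched from your own hosts at paths such as `/.env`, `/.git/config` or framework debug pages, and treat any finding as an incident: a secret that is reachable over HTTP has to be assumed harvested and rotated, not just removed.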
