Lilac Typhoon
0 incidentes
0 paises
0 sectores
apt CN Ultimo: -
Aliases: DEV-0234
Lilac Typhoon, also tracked by Microsoft as DEV-0234, is a state-sponsored cyber threat actor attributed to China. The group's primary motivation is cyber espionage and broader system compromise, often leveraging critical vulnerabilities to gain initial access. This group is distinguished by its opportunistic exploitation of zero-day or recently disclosed vulnerabilities, as exemplified by its rapid exploitation of the Atlassian Confluence remote code execution vulnerability, CVE-2022-26134, shortly after its public disclosure in June 2022. While their activities primarily involve espionage-related objectives, they have been observed deploying diverse payloads, including those associated with cryptojacking and potential ransomware use, indicating a versatile operational approach. The name 'Typhoon' within Microsoft's naming taxonomy consistently designates groups originating from China.
Sectores objetivo (SOCRadar)
Public AdministrationEducational ServicesRestaurantsSpace & DefenseEnergy & Utilities Management, Scientific, and Technical Consulting ServicesReligious OrganizationsCivic and Social OrganizationsExecutive, Legislative, and Other General Government SupportJustice, Public Order, and Safety Activities