ToolShell Vulnerability Exploited by Chinese Threat Actors

Cyber Security News by CyberSum.net
Incident responders have identified breaches at government agencies, telecoms, and universities stemming from the ToolShell vulnerability (CVE-2025-53770). Symantec and Carbon Black tracked multiple compromises involving this vulnerability, which was exploited by China-based groups. The attackers used malware like Zingdoor, ShadowPad, and KrustyLoader, along with legitimate tools like Sliver and Certutil. The campaign aimed to steal credentials and establish persistent access, likely for espionage purposes. The Warlock ransomware, linked to this campaign, appears to be a rebrand of older ransomware threats and has been used to obfuscate espionage activities.