Genesis Panda high-volume cloud espionage campaign
Campaign
Summary
The Genesis Panda campaign is active across 11 countries, targeting financial services, media, telecommunications, and technology organizations for intelligence collection. The operation matters because it combines broad sector coverage with cloud-focused access expansion, increasing the risk of sustained covert access. The activity has been observed since at least January 2024.
Related Happenings
Aisuru/Kimwolf botnet record DDoS campaign against telecommunications and IT companies
Campaign
First: 29.01.2026 16:55
Last: 29.01.2026 16:55
Sources 1
About this happening:
The **Aisuru/Kimwolf botnet** campaign expanded in **late 2025** with **Kimwolf**, a **DDoS botnet** compiled using the **NDK**, and evidence linking it to **AISURU** through shar...
Latest development: 20.03.2026 02:49
The U.S. Justice Department, with authorities in Canada and Germany, dismantled infrastructure behind Aisuru, Kimwolf, JackSkid and Mossad, seized U.S.-registered domains and virtual servers used in DDoS attacks against DoD Internet addresses, and said the action was intended to prevent further infections and future attacks.
Russian GRU critical infrastructure edge-device targeting campaign
Campaign
First: 16.12.2025 14:15
Last: 16.12.2025 14:15
Sources 1
About this happening:
A Russian GRU-linked campaign targeted Western critical infrastructure and shifted in 2025 from exploiting vulnerabilities in products such as WatchGuard, Confluence, and Veeam to...
Latest development: 16.12.2025 22:13
The operation initially relied on **WatchGuard**, **Confluence**, and **Veeam** vulnerabilities for initial access, combining zero-days and known flaws. That foothold phase later gave way to targeting **misconfigured edge devices** with exposed management interfaces.
Warp Panda North American legal, technology and manufacturing espionage campaign
Campaign
First: 05.12.2025 16:30
Last: 05.12.2025 16:30
Sources 1
About this happening:
Warp Panda is running a **sophisticated cyber-espionage campaign** against **North American legal, technology and manufacturing firms**, maintaining **persistent covert access** t...
Earth Lamia and Jackpot Panda broad multi-CVE scanning campaign
Campaign
First: 05.12.2025 16:10
Last: 05.12.2025 16:10
Sources 1
About this happening:
**Earth Lamia** and **Jackpot Panda** mounted a **broad multi-CVE scanning campaign** that quickly weaponized **CVE-2025-55182 / React2Shell**, raising the chance that unpatched s...
China-linked persistent-access campaign against U.S. policy-linked entities
Campaign
First: 07.11.2025 18:07
Last: 07.11.2025 18:07
Sources 1
About this happening:
**China-linked** operators maintained **weeks-long access** to a **U.S. non-profit** and used that foothold to pursue **long-term persistence**, making the activity significant fo...
Timeline
- 22.08.2025 14:06 · 1 article
Genesis Panda high-volume cloud espionage campaign
Initial Disclosure
The campaign emerged as a sustained **cloud-focused espionage** effort that was already active by **January 2024**. Early reporting ties it to high-volume targeting across multiple sectors and countries, with access expansion into cloud accounts and infrastructure.
Sources
- Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage — thehackernews.com — 22.08.2025 14:06