PRC state-sponsored campaign to gain long-term access to critical infrastructure networks
Campaign
Summary
PRC state-sponsored APT actors are running a deliberate and sustained campaign to gain long-term access to critical infrastructure networks worldwide, increasing risk to essential services and sensitive operational environments. The activity is tied to vulnerabilities in routers used by telecommunications providers and other infrastructure operators. The operation has been observed across telecommunications, transportation, lodging, and military networks, with investigators tracking activity through July 2025.
Related Happenings
2025 DDoS surge targets telecommunications, service providers, and carriers
Target Trend
First: 05.02.2026 19:25
Last: 05.02.2026 19:25
Sources 1
About this happening:
**Cloudflare** reports that the **2025 DDoS surge** has continued into **Q3 2025**, with the **Aisuru botnet** driving more than **1,300 attacks** in three months and a record pea...
Aisuru/Kimwolf botnet record DDoS campaign against telecommunications and IT companies
Campaign
First: 29.01.2026 16:55
Last: 29.01.2026 16:55
Sources 1
About this happening:
The **Aisuru/Kimwolf botnet** campaign expanded in **late 2025** with **Kimwolf**, a **DDoS botnet** compiled using the **NDK**, and evidence linking it to **AISURU** through shar...
Latest development: 20.03.2026 02:49
The U.S. Justice Department, with authorities in Canada and Germany, dismantled infrastructure behind Aisuru, Kimwolf, JackSkid and Mossad, seized U.S.-registered domains and virtual servers used in DDoS attacks against DoD Internet addresses, and said the action was intended to prevent further infections and future attacks.
Cisco SSL VPN and GlobalProtect credential-probing campaign
Campaign
First: 18.12.2025 06:10
Last: 18.12.2025 06:10
Sources 1
About this happening:
A **coordinated credential-based campaign** is now probing **Cisco SSL VPN** and **Palo Alto Networks GlobalProtect** portals at scale, raising the risk of unauthorized access att...
Pro-Russia hacktivist OT intrusion campaign against US critical infrastructure
Campaign
First: 10.12.2025 18:00
Last: 10.12.2025 18:00
Sources 1
About this happening:
A coordinated **pro-Russia hacktivist** campaign is exploiting exposed **virtual network computing** connections and weak passwords to breach **operational technology (OT)** syste...
Pro-Russia hacktivist groups campaign expands across multiple victims
Campaign
First: 09.12.2025 14:00
Last: 09.12.2025 14:00
Sources 1
About this happening:
A sustained **pro-Russia hacktivist** campaign is targeting **U.S. and global critical infrastructure**, raising disruption risk across **OT** and **SCADA** environments. The oper...
Timeline
27.08.2025 15:00 · 1 article · 9mo ago
CISA and partners release joint advisory on PRC campaign
Initial Disclosure
CISA, the NSA, the FBI, and international partners released a joint cybersecurity advisory warning that People’s Republic of China state-sponsored APT actors are conducting a deliberate and sustained campaign to gain long-term access to critical infrastructure networks worldwide. The advisory says the actors are exploiting vulnerabilities in routers used by telecommunications providers and other infrastructure operators, evading detection, and maintaining persistent access across telecommunications, transportation, lodging, and military networks. It also builds on previous reporting, incorporates updated threat intelligence from investigations conducted through July 2025, and notes overlapping indicators with Salt Typhoon, OPERATOR PANDA, RedMike, UNC5807, and GhostEmperor. Recommended mitigations include patching known exploited vulnerabilities (KEVs), enabling centralized logging, and securing edge infrastructure.