Find notable cyber news and cases, enriched with sources, timelines, and signals.

SHADOW-EARTH-053 China-aligned espionage campaign against Asian government and defense targets

Campaign
First reported
Last updated
Happening score
H score 39
1 unique sources, 1 articles

Summary

Hide ▲

SHADOW-EARTH-053 is running an active China-aligned espionage campaign against government and defense targets across South, East, and Southeast Asia and Poland, creating persistent access for intelligence collection. The operation has been active since at least December 2024 and uses internet-facing Microsoft Exchange and IIS vulnerabilities to gain entry, then deploys Godzilla web shells and ShadowPad implants. The intrusion chain also includes CVE-2025-55182 in one case, plus tunneling, privilege-escalation, and lateral-movement tooling to extend reach inside victim networks.

Cases

Related Happenings

UNC6508 China-linked REDCap espionage campaign

Campaign
H score39 First: 15.06.2026 17:00 Last: 15.06.2026 17:00 Sources 1

About this happening: **UNC6508** ran a **China-linked espionage campaign** against **exposed REDCap servers** used by **North American medical, academic, and military research networks**. The operatio...

OP-512 Microsoft IIS espionage campaign

Campaign
H score52 First: 05.06.2026 15:33 Last: 05.06.2026 15:33 Sources 1

About this happening: **OP-512** is an active **espionage campaign** targeting **Microsoft IIS servers** with a **bespoke web shell framework**, increasing the risk of stealthy remote access on exposed...

Shadow-Aether-040 AI-augmented campaign against Mexican government entities

Campaign
H score41 First: 13.05.2026 16:00 Last: 13.05.2026 16:00 Sources 1

About this happening: The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...

FamousSparrow Azerbaijanian oil-and-gas targeting campaign

Campaign
H score32 First: 13.05.2026 16:00 Last: 13.05.2026 16:00 Sources 1

About this happening: The **China-linked FamousSparrow group** ran a **targeted cyberespionage campaign** against an **Azerbaijanian oil-and-gas company** in the **South Caucasus**, highlighting a new...

FamousSparrow multi-wave intrusion campaign against Azerbaijani oil and gas company

Campaign
H score39 First: 13.05.2026 16:00 Last: 13.05.2026 16:00 Sources 1

About this happening: A **China-affiliated** actor tracked as **FamousSparrow (UAT-9244)** ran a **multi-wave intrusion** against an **unnamed Azerbaijani oil and gas company** from **late December 202...

Timeline

  1. 01.05.2026 17:02 2 articles · 2mo ago

    SHADOW-EARTH-053 espionage campaign disclosed against Asian government and defense targets

    Initial Disclosure

    Trend Micro attributed a China-aligned espionage campaign to SHADOW-EARTH-053, saying the cluster targets government and defense sectors across South, East, and Southeast Asia and Poland, has been active since at least December 2024, and uses internet-facing Microsoft Exchange and IIS exploitation to drop Godzilla web shells, stage ShadowPad via DLL sideloading and AnyDesk, and in one case deliver Linux Noodle RAT through CVE-2025-55182.

    Show sources