SHADOW-EARTH-053 China-aligned espionage campaign against Asian government and defense targets
Campaign
Summary
SHADOW-EARTH-053 is running an active China-aligned espionage campaign against government and defense targets across South, East, and Southeast Asia and Poland, creating persistent access for intelligence collection. The operation has been active since at least December 2024 and uses internet-facing Microsoft Exchange and IIS vulnerabilities to gain entry, then deploys Godzilla web shells and ShadowPad implants. The intrusion chain also includes CVE-2025-55182 in one case, plus tunneling, privilege-escalation, and lateral-movement tooling to extend reach inside victim networks.
Cases
Related Happenings
Shadow-Aether-040 AI-augmented campaign against Mexican government entities
Campaign
First: 13.05.2026 16:00
Last: 13.05.2026 16:00
Sources 1
About this happening:
The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...
FamousSparrow Azerbaijanian oil-and-gas targeting campaign
Campaign
First: 13.05.2026 16:00
Last: 13.05.2026 16:00
Sources 1
About this happening:
The **China-linked FamousSparrow group** ran a **targeted cyberespionage campaign** against an **Azerbaijanian oil-and-gas company** in the **South Caucasus**, highlighting a new...
FamousSparrow multi-wave intrusion campaign against Azerbaijani oil and gas company
Campaign
First: 13.05.2026 16:00
Last: 13.05.2026 16:00
Sources 1
About this happening:
A **China-affiliated** actor tracked as **FamousSparrow (UAT-9244)** ran a **multi-wave intrusion** against an **unnamed Azerbaijani oil and gas company** from **late December 202...
The Hacker News launches Cybersecurity Stars Awards 2026
Commercial Activity
First: 06.05.2026 15:03
Last: 06.05.2026 15:03
Sources 1
About this happening:
The Hacker News launched the **Cybersecurity Stars Awards 2026**, opening a **global recognition program** for cybersecurity vendors, products, companies, and professionals. The l...
UAT-8302 government-targeting campaign across South America and southeastern Europe
Campaign
First: 05.05.2026 17:19
Last: 05.05.2026 17:19
Sources 1
About this happening:
The **UAT-8302** campaign has been tied to attacks on **government entities** in **South America** and **southeastern Europe**, showing a multi-region operation with post-exploita...
Timeline
01.05.2026 17:02 · 2 articles
SHADOW-EARTH-053 espionage campaign disclosed against Asian government and defense targets
Initial Disclosure
Trend Micro attributed a China-aligned espionage campaign to SHADOW-EARTH-053, saying the cluster targets government and defense sectors across South, East, and Southeast Asia and Poland, has been active since at least December 2024, and uses internet-facing Microsoft Exchange and IIS exploitation to drop Godzilla web shells, stage ShadowPad via DLL sideloading and AnyDesk, and in one case deliver Linux Noodle RAT through CVE-2025-55182.
Sources
- China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists — thehackernews.com — 01.05.2026 17:02