Lilac Typhoon

Also known as: DEV-0234 · Lilac Typhoon

Origin: CN
Known aliases: 2

Profile

Lilac Typhoon is a threat actor attributed to China. It has been identified exploiting CVE-2022-26134, a remote code execution (RCE) vulnerability in Atlassian Confluence. This vulnerability has been used in cryptojacking campaigns and is included in commercial exploit frameworks. Lilac Typhoon has also been involved in deploying various payloads such as Cobalt Strike, web shells, botnets, coin miners, and ransomware.

Aliases · 2

DEV-0234 · Lilac Typhoon

References

  1. https://securityboulevard.com/2022/10/analysis-of-cisa-releases-advisory-on-top-cves-exploited-chinese-state-sponsored-groups/
  2. https://riskybiznews.substack.com/p/risky-biz-news-google-shuts-down
  3. https://twitter.com/MsftSecIntel/status/1535417776290111489

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: Flax Typhoon
Actor: LilacSquid
Actor: Raspberry Typhoon
Actor: Earth Lamia
Actor: Storm-0062
Actor: Volt Typhoon

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.