SYMBOLCOMMON_NAMEaka. SYNONYMS

Chaya_004  (Back to overview)


Chaya_004 is a Chinese threat actor identified through malicious infrastructure, including a network of servers hosting Supershell backdoors and various pen testing tools of Chinese origin. The actor's activities are linked to the exploitation of a specific vulnerability, with a focus on using Chinese cloud providers. Analysis of the infrastructure has revealed TTPs associated with Chaya_004, indicating a sophisticated approach to cyber operations. Mitigation recommendations and proactive response measures have been developed in light of these findings.


Associated Families

There are currently no families associated with this actor.


References
2025-05-08ForescoutLuca Barba, Sai Molige
Threat Analysis: SAP Vulnerability Exploited in the Wild by Chinese Threat Actor
Chaya_004

Credits: MISP Project