| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Houken is a Chinese state-sponsored threat actor that exploits zero-day vulnerabilities in Ivanti Cloud Services Appliance devices to gain initial access to critical infrastructure networks, particularly in France. The group employs a sophisticated rootkit alongside open-source tools, primarily developed by Chinese-speaking authors, to maintain persistence and control over compromised systems. Houken is suspected to operate as an initial access broker, selling footholds in targeted networks to other threat actors for further exploitation.
There are currently no families associated with this actor.
| 2025-07-07
⋅
Meterpreter
⋅
ANSSI Exposes “Houken”: China-Linked APT Exploiting Ivanti CSA Zero-Days & Deploying Linux Rootkits Houken |
| 2025-07-04
⋅
ANSSI
⋅
Houken seeking a path by living on the edge with zero-days Houken |