| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Lilac Typhoon is a threat actor attributed to China. They have been identified as exploiting the Atlassian Confluence RCE vulnerability CVE-2022-26134, which allows for remote code execution. This vulnerability has been used in cryptojacking campaigns and is included in commercial exploit frameworks. Lilac Typhoon has also been involved in deploying various payloads such as Cobalt Strike, web shells, botnets, coin miners, and ransomware.
There are currently no families associated with this actor.
| 2022-10-07
⋅
Flashpoint
⋅
Analysis of CISA releases Advisory on Top CVEs Exploited Chinese State-Sponsored Groups Lilac Typhoon |
| 2022-06-13
⋅
Risky.biz
⋅
Risky Biz News: Google shuts down YouTube Russian propaganda channels Lilac Typhoon |
| 2022-06-11
⋅
Twitter (@MsftSecIntel)
⋅
Tweet on DEV-0401, DEV-0234 exploiting Confluence RCE CVE-2022-26134 Kinsing Mirai Cobalt Strike Lilac Typhoon |