HackRead
45,000 Attacks, 5,300+ Backdoors Tied to China-Linked Cybercrime Operation
ATT&CK techniques detected
T1059.006 Python (96%)
“software with known security flaws. They prefer flaws that allow remote code execution (RCE) to gain full control over the compromised device, such as React2Shell (CVE-2025-55182) and CVE-2025-66478, and Log4Shell (CVE-2021-44228). Researchers observed four cust…”
T1056.001 Keylogging (38%)
“and enrich stolen data. The hackers use blockchain intelligence APIs such as OKLink and Tatum to monitor nearly 22,000 cryptocurrency addresses. They also use automated scripts to validate stolen Stripe keys by checking for active accounts with available balances. This organised…”
T1505.003 Web Shell (36%)
“. To maintain persistence, they use several methods to ensure they stay hidden, like deploying Cloudflare Tunnels via cf-client, P2P clients named Mayun, and backdoors identified in logs as d2 and pl. The group also uses a fileless execution chain using commands that feed web c…”
Summary
SOCRadar researchers have uncovered a massive Chinese cybercrime operation using the OpenClaw and Paperclip systems to automate global attacks.