Chaya_004
0 incidentes
0 paises
0 sectores
apt CN Ultimo: -
Chaya_004 is an internal tracking name for a Chinese threat actor first identified in April 2025, primarily known for exploiting critical vulnerabilities in SAP NetWeaver. This group is assessed to be state-sponsored, with a primary motivation of long-term espionage and intelligence gathering rather than financial gain. What distinguishes Chaya_004 is its consistent use of Chinese cloud infrastructure and Chinese-language tools, alongside specific methods for impersonating legitimate services to evade detection, which underpins its targeted operations against high-value enterprise systems.