Uptime Hamster: 15d 10h 9mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza Lilac Typhoon

Lilac Typhoon

0 incidentes 0 paises 0 sectores apt CN Ultimo: -
Aliases: DEV-0234
Ver en IntelTracker → APTTrail →
Lilac Typhoon, also tracked by Microsoft as DEV-0234, is a state-sponsored cyber threat actor attributed to China. The group's primary motivation is cyber espionage and broader system compromise, often leveraging critical vulnerabilities to gain initial access. This group is distinguished by its opportunistic exploitation of zero-day or recently disclosed vulnerabilities, as exemplified by its rapid exploitation of the Atlassian Confluence remote code execution vulnerability, CVE-2022-26134, shortly after its public disclosure in June 2022. While their activities primarily involve espionage-related objectives, they have been observed deploying diverse payloads, including those associated with cryptojacking and potential ransomware use, indicating a versatile operational approach. The name 'Typhoon' within Microsoft's naming taxonomy consistently designates groups originating from China.

Aliases del actor

DEV-0234

Actores similares

devmanransomware · 184apt-flaxtyphoonactor · 1Network Devicesactor · 1Compromise Software Dependencies and Development Toolsactor · 1Device Driver Discoveryactor · 1Volt Typhoonapt · 1Salt Typhoonactor · 1CS FQL: 32. Detect Data Exfiltration via external storage devicesactor · 1dev-0322actor · 1volt-typhoonactor · 1
Tecnicas MITRE
T1059.003, T1547, T1012, T1555.003, T1567.002, T1204
Tipo
apt
Pais origen
CN
Motivacion
-
Impacto
45
Actualizado
Mon, 13 Ap

Sectores objetivo (SOCRadar)

Public AdministrationEducational ServicesRestaurantsSpace & DefenseEnergy & Utilities Management, Scientific, and Technical Consulting ServicesReligious OrganizationsCivic and Social OrganizationsExecutive, Legislative, and Other General Government SupportJustice, Public Order, and Safety Activities