China-Aligned Attackers Use ShadowPad, IOX Proxy, and WMIC in Multi-Stage Espionage Campaign

📅 1 May 2026 at 08:17 UTC📰 Cyber Security NewsView original source ↗

A China-aligned threat group has been carrying out a carefully planned espionage campaign against government agencies and critical infrastructure across Asia. The group, tracked under the temporary designation SHADOW-EARTH-053, has been active since at least December 2024, quietly targeting organizations in at least eight countries. The campaign uses a combination of malware tools and living-off-the-land […] The post China-Aligned Attackers Use ShadowPad, IOX Proxy, and WMIC in Multi-Stage Espionage Campaign appeared first on Cyber Security News.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A China-aligned threat group, tracked as SHADOW-EARTH-053, has been carrying out a multi-stage espionage campaign against government agencies and critical infrastructure across Asia since at least December 2024. The campaign utilizes a combination of malware tools, including ShadowPad, IOX Proxy, and WMIC.

⚙️Technical Details

Affected Systems

Government agenciesCritical infrastructure

Attack Vectors

ShadowPadIOX ProxyWMIC

💥Impact Assessment

Severity: High

Who Is at Risk

Government agencies and critical infrastructure across Asia

🛡️Recommended Actions

1Monitor system logs for suspicious activity related to ShadowPad, IOX Proxy, and WMIC

2Implement strict access controls for sensitive data and systems

3Conduct regular security audits and vulnerability assessments

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News ↗

← Back to feed