
ToolShell Used to Compromise Telecoms Company in Middle East

· Published 23/10/2025 15:22 · Modified 30/10/2025 15:18


Essential information

Published: 23/10/2025 15:22
Modified: 30/10/2025 15:18
Tags: 2025-10-23, krustyloader, shadowpad, sliver, telecoms, toolshell, warlock, zingdoor
Related entities: 1 intrusion set (APT), 18 techniques (MITRE), 6 malware, 7 others

Description

China-based attackers exploited the ToolShell vulnerability in Microsoft SharePoint Server (CVE-2025-53770) to compromise a telecommunications company in the Middle East and government agencies in Africa and South America. The attackers deployed malware families that have been associated with Chinese threat groups such as Glowworm and UNC5221. The campaign also targeted government departments, a university, and a finance company across multiple regions. The attackers used a range of tools and techniques, including DLL sideloading, credential theft, and publicly available utilities. The activity points to espionage and the establishment of persistent access to victim networks.
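The description names DLL sideloading as one of the techniques used. The following is an added hunting example, not code or telemetry from the report or from the vendor that published it: it applies the usual sideloading heuristic (a DLL whose name belongs in the Windows system directories is loaded from the host executable's own directory, and that executable runs from a user-writable path or the DLL is unsigned) to constructed image-load records. The record field names (Image, ImageLoaded, Signed) follow Sysmon Event ID 7; the sample paths, DLL names and directory lists are assumptions chosen for illustration and are not indicators from this campaign.

```python
"""Heuristic hunt for DLL sideloading over Sysmon-style image-load records.

Added example, not part of the original report. All records below are
constructed; no real indicators from the ToolShell campaign are used.
"""
from pathlib import PureWindowsPath

# DLLs that legitimately live under the Windows system directories and are
# common sideloading targets because many signed vendor binaries import them.
# Illustrative list only; extend it from your own telemetry.
SYSTEM_DLL_NAMES = {
    "version.dll", "dbghelp.dll", "wtsapi32.dll", "userenv.dll", "msimg32.dll",
}
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")
# Locations a low-privileged attacker can normally write to. A signed vendor
# EXE running from one of these next to a system-named DLL is the classic
# sideloading shape.
WRITABLE_ROOTS = (
    "c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\", "c:\\perflogs\\",
)


def _norm(path: str) -> str:
    """Lower-case and use backslashes so comparisons are case-insensitive."""
    return path.replace("/", "\\").lower()


def is_sideload_candidate(event: dict) -> bool:
    """Return True if one image-load record looks like DLL sideloading."""
    image = _norm(event["Image"])
    loaded = _norm(event["ImageLoaded"])
    dll_name = PureWindowsPath(loaded).name
    dll_dir = str(PureWindowsPath(loaded).parent)
    exe_dir = str(PureWindowsPath(image).parent)

    if dll_name not in SYSTEM_DLL_NAMES:
        return False                      # not a DLL we expect in System32
    if dll_dir.startswith(SYSTEM_DIRS):
        return False                      # loaded from where it belongs
    same_dir = dll_dir == exe_dir         # search-order hijack shape
    user_writable = image.startswith(WRITABLE_ROOTS)
    unsigned = event.get("Signed", "false").lower() != "true"
    return same_dir and (user_writable or unsigned)


def hunt(events):
    """Filter a list of image-load records down to sideloading candidates."""
    return [e for e in events if is_sideload_candidate(e)]


# Constructed sample telemetry (not real events).
SAMPLE_EVENTS = [
    {   # Normal: vendor tool loads version.dll from System32.
        "Image": "C:\\Program Files\\Vendor\\tool.exe",
        "ImageLoaded": "C:\\Windows\\System32\\version.dll",
        "Signed": "true",
    },
    {   # Suspicious: signed EXE copied to a user-writable folder loads an
        # unsigned version.dll sitting beside it.
        "Image": "C:\\Users\\Public\\Music\\tool.exe",
        "ImageLoaded": "C:\\Users\\Public\\Music\\version.dll",
        "Signed": "false",
    },
    {   # Benign: application redistributes a signed dbghelp.dll in its own
        # install directory (same-dir load, but signed and not writable).
        "Image": "C:\\Program Files\\Debugger\\dbg.exe",
        "ImageLoaded": "C:\\Program Files\\Debugger\\dbghelp.dll",
        "Signed": "true",
    },
    {   # Suspicious: same-dir load from ProgramData; signature alone does
        # not clear it because the host path is attacker-writable.
        "Image": "C:\\ProgramData\\svc\\update.exe",
        "ImageLoaded": "C:\\ProgramData\\svc\\wtsapi32.dll",
        "Signed": "true",
    },
]


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print("sideload candidate:", hit["Image"], "->", hit["ImageLoaded"])
```

Treat hits as leads, not verdicts: a legitimate installer that ships its own copy of a system DLL will also match, so follow up with the signer of the DLL, its hash reputation and the parent process that dropped the pair into the directory.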

External references