Beijing-linked hackers
"Beijing-linked hackers" is a generic label for China-linked threat actors reported to be actively exploiting CVE-2025-55182, the max-severity remote code execution vulnerability in React Server Components, also referred to as React2Shell. AWS warned that these actors were exploiting the flaw, and attackers from China and North Korea were reported among those abusing it in active campaigns. The exploitation activity is associated with widespread targeting of vulnerable internet-facing React Server Components deployments: at least 15 distinct intrusion clusters were tracked in a 24-hour period, and more than 50 organizations across multiple sectors were reportedly impacted. The source reporting does not name specific malware families, sub-groups, or additional aliases beyond the generic label "Beijing-linked hackers."
Recent activity
1 source tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.