Undisclosed Pakistani government entity
April 30, 2026
•[ cyber espionage, Shadow-Earth-053, Microsoft Exchange ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Pakistani government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
Undisclosed Thai government entity
April 30, 2026
•[ espionage, vulnerability exploitation, web shells ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Thai government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
Undisclosed Indian government entity
April 30, 2026
•[ espionage, web shell, ShadowPad ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Indian government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
Undisclosed Myanmar government entity
April 30, 2026
•[ cyber espionage, vulnerability exploitation, web shells ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Myanmar government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
Undisclosed Malaysian government entity
April 30, 2026
•[ espionage, vulnerability exploitation, unpatched software ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Malaysian government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
Undisclosed Sri Lankan government entity
April 30, 2026
•[ cyber espionage, Shadow-Earth-053, unpatched servers ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Sri Lankan government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
Undisclosed Taiwanese government entity
April 30, 2026
•[ espionage, state-sponsored, web shells ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Taiwanese government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
Undisclosed Polish defense-sector organization
April 30, 2026
•[ espionage, web shells, ShadowPad ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Polish defense-sector organization by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
