Undisclosed Pakistani government entity
April 30, 2026
• [cyber espionage, Shadow-Earth-053, Microsoft Exchange]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Pakistani government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
Undisclosed Sri Lankan government entity
April 30, 2026
• [cyber espionage, Shadow-Earth-053, unpatched servers]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Sri Lankan government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
Undisclosed Polish defense-sector organization
April 30, 2026
• [espionage, web shells, ShadowPad]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Polish defense-sector organization by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.