Undisclosed Sri Lankan government entity
April 30, 2026
•[ cyber espionage, Shadow-Earth-053, unpatched servers ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Sri Lankan government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
