Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs

In ablog postpublished this week, the security firm said it helped all customers update the software in 2024, and it’s confident that no users are currently running a vulnerable version.When CISA added the vulnerability to its KEV catalog last week,SecurityWeeknoted that Chinese threat actors may have been behind the attacks.TeamT5 has now toldSecurityWeekthat based on its investigation the exploitation was part of a supply chain attack likely conducted by Chinese APTs it tracks as Slime57 and Slime62.“The actor used hundreds of IP addresses, mostly compromised devices in Taiwan, to hide their real identity,” a TeamT5 spokesperson said.Related:Dell RecoverPoint Zero-Day Exploited by Chinese Cyberespionage GroupRelated:Web Hosting Firms in Taiwan Attacked by Chinese APT for Access to High-Value TargetsRelated:China Revives Tianfu Cup Hacking Contest Under Increased Secrecy

When CISA added the vulnerability to its KEV catalog last week,SecurityWeeknoted that Chinese threat actors may have been behind the attacks.TeamT5 has now toldSecurityWeekthat based on its investigation the exploitation was part of a supply chain attack likely conducted by Chinese APTs it tracks as Slime57 and Slime62.“The actor used hundreds of IP addresses, mostly compromised devices in Taiwan, to hide their real identity,” a TeamT5 spokesperson said.Related:Dell RecoverPoint Zero-Day Exploited by Chinese Cyberespionage GroupRelated:Web Hosting Firms in Taiwan Attacked by Chinese APT for Access to High-Value TargetsRelated:China Revives Tianfu Cup Hacking Contest Under Increased Secrecy

TeamT5 has now toldSecurityWeekthat based on its investigation the exploitation was part of a supply chain attack likely conducted by Chinese APTs it tracks as Slime57 and Slime62.“The actor used hundreds of IP addresses, mostly compromised devices in Taiwan, to hide their real identity,” a TeamT5 spokesperson said.Related:Dell RecoverPoint Zero-Day Exploited by Chinese Cyberespionage GroupRelated:Web Hosting Firms in Taiwan Attacked by Chinese APT for Access to High-Value TargetsRelated:China Revives Tianfu Cup Hacking Contest Under Increased Secrecy

“The actor used hundreds of IP addresses, mostly compromised devices in Taiwan, to hide their real identity,” a TeamT5 spokesperson said.Related:Dell RecoverPoint Zero-Day Exploited by Chinese Cyberespionage GroupRelated:Web Hosting Firms in Taiwan Attacked by Chinese APT for Access to High-Value TargetsRelated:China Revives Tianfu Cup Hacking Contest Under Increased Secrecy

Related:Dell RecoverPoint Zero-Day Exploited by Chinese Cyberespionage GroupRelated:Web Hosting Firms in Taiwan Attacked by Chinese APT for Access to High-Value TargetsRelated:China Revives Tianfu Cup Hacking Contest Under Increased Secrecy

Related:Web Hosting Firms in Taiwan Attacked by Chinese APT for Access to High-Value TargetsRelated:China Revives Tianfu Cup Hacking Contest Under Increased Secrecy

Related:China Revives Tianfu Cup Hacking Contest Under Increased Secrecy

Eduard Kovacs (@EduardKovacs) is the managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise.

SecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats.

Source: SecurityWeek