Who is Lilac Typhoon?

Lilac Typhoon is a threat actor attributed to CN, also known as DEV-0234. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Lilac Typhoon exploit?

Lilac Typhoon is known to exploit 1 CVEs. View the full list on the Strobes VI threat actor profile page.

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

Lilac Typhoon

Also known as: DEV-0234

Exploited CVEs

Overview

Lilac Typhoon is a threat actor attributed to China. They have been identified as exploiting the Atlassian Confluence RCE vulnerability CVE-2022-26134, which allows for remote code execution. This vulnerability has been used in cryptojacking campaigns and is included in commercial exploit frameworks. Lilac Typhoon has also been involved in deploying various payloads such as Cobalt Strike, web shells, botnets, coin miners, and ransomware.

Exploited Vulnerabilities

CVE ID	Action
CVE-2022-26134	View Details