TheWizards is a threat actor. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does TheWizards exploit?

Specific CVE exploitation data for TheWizards is being tracked. Check the Strobes VI threat actor profile for updates.

TheWizards

Exploited CVEs

Overview

TheWizards is a China-aligned APT group that employs the Spellbinder tool for adversary-in-the-middle attacks, utilizing IPv6 SLAAC spoofing to redirect legitimate software updates to malicious servers. They have developed the WizardNet backdoor for Windows and serve DarkNights to Android applications, indicating a connection to Dianke Network Security Technology. The group targets individuals and companies in the Philippines, Cambodia, the UAE, mainland China, and Hong Kong. ESET has observed their infrastructure and tools, including the acquisition of servers for hosting C&C and malicious updates.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database