TStark is a threat actor identified by X-Ops, associated with a cluster of devices that executed the bookmark buffer overflow exploit targeting CVE-2020-15069 (T1203). The actor's telemetry showed irregular patterns indicative of intermittent VPN usage, switching between IP addresses geolocated to Hong Kong and Chengdu. Analysis revealed malware samples for Mac OS X and iOS, as well as IFRAME injection code exploiting a WebAssembly vulnerability (T1189). Additionally, TStark was linked to the development of libsophos.so and to the deployment of malicious payloads across the devices in that cluster.
No exploited CVEs have been attributed to this threat actor yet.