List of “Incident”

Incident

喜野孝太(Kota Kino)

February 13, 2026

Multiple Threat Actors Rapidly Exploit React2Shell: A Case Study of Active Compromise

On December 3, 2025 (local time), a vulnerability allowing unauthenticated remote code execution in React Server Components (RSC) (CVE-2025-55182) was disclosed. JPCERT/CC has received multiple incident reports related to this attack. Among them, there was a case in which this vulnerability was exploited by multiple threat actors within a short period of time, resulting in multiple incidents occurring simultaneously, including website defacement. This article demonstrates how rapidly and indiscriminately attackers...
Read more
Malware

増渕維摩(Yuma Masubuchi)

November 5, 2025

Update on Attacks by Threat Group APT-C-60

In JPCERT/CC Eyes, we previously reported on attacks conducted by Atta...
Read more
Malware

増渕維摩(Yuma Masubuchi)

August 14, 2025

CrossC2 Expanding Cobalt Strike Beacon to Cross-Platform Attacks

From September to December 2024, JPCERT/CC has confirmed incidents involving CrossC2, the extension tool to create Cobalt Strike Beacon for Linux OS. The attacker employed CrossC2 as well as other tools such as PsExec, Plink, and Cobalt Strike in attempts to penetrate AD. Further investigation revealed that the attacker used custom malware (hereafter referred to as "ReadNimeLoader") as a loader for Cobalt Strike. Information submitted to VirusTotal suggests that this...
Read more
Malware

増渕維摩(Yuma Masubuchi)

July 18, 2025

Malware Identified in Attacks Exploiting Ivanti Connect Secure Vulnerabilities

JPCERT/CC Eyes previously introduced the malware SPAWNCHIMERA and Dslo...
Read more
Lazarus

佐々木勇人（Hayato Sasaki）

March 25, 2025

Tempted to Classifying APT Actors: Practical Challenges of Attribution in the Case of Lazarus’s Subgroup

*Please note that this article is a translation of the Japanese versio...
Read more
Incident

朝長秀誠 (Shusei Tomonaga)

January 20, 2025

Beware of Contacts through LinkedIn: They Target Your Organization’s Property, Not Yours

There have recently been reports of unauthorized access in Japan, usin...
Read more
Incident

朝長秀誠 (Shusei Tomonaga)

December 26, 2024

Recent Cases of Watering Hole Attacks, Part 2

Continuing from the previous article, Part 2 covers another case of a watering hole attack. This time, we will look at the case of a media-related website exploited in 2023. Flow of the attack Figure 1 shows the flow of the watering hole attack. When someone accesses the tampered website, an LZH file is downloaded, and when they execute the LNK file in the LZH file, their PC becomes infected...
Read more
Incident

朝長秀誠 (Shusei Tomonaga)

December 19, 2024

Recent Cases of Watering Hole Attacks, Part 1

Nowadays, many people probably recognize exploit of vulnerabilities in publicly exposed assets such as VPN and firewalls as the attack vector. In fact, many security incidents reported to JPCERT/CC also involve such devices. This is because vulnerabilities in VPN devices are exploited not only by APT groups but also by many other groups such as ransomware actors and cyber crime actors, and the number of incidents is high accordingly. As...
Read more
Incident

亀井智矢(Tomoya Kamei)

December 11, 2024

Attack Exploiting Legitimate Service by APT-C-60

JPCERT/CC has confirmed an attack against an organization in Japan in ...
Read more
Incident

朝長秀誠 (Shusei Tomonaga)

July 16, 2024

MirrorFace Attack against Japanese Organisations

JPCERT/CC has been observing attack activities by MirrorFace LODEINFO ...
Read more