Threat Intelligence / Actor / BlueHammer (China-nexus) and RedSun (Iran-nexus, IRGC-adjacent)

BlueHammer (China-nexus) and RedSun (Iran-nexus, IRGC-adjacent)

Nation: China and Iran · 1 tracked threat(s) · Categories: VULNERABILITY

Also known as: BlueHammer, RedSun, VANGUARD PANDA, UNC5325, APT42, PIONEER KITTEN, Mint Sandstorm overlap

Tracked threats

BlueHammer & RedSun: Windows Defender CVE-2026-33825 Zero-Day Remote Code Execution — CRITICAL

Full actor intelligence — infrastructure, IOCs, detection coverage and operator fingerprints — is available via the Threadlinqs MCP server (Purple tier). View plans →

Threadlinqs Intelligence