UNC5221
Also known as: China-nexus cluster, Warp Panda, UTA0178, Silk Typhoon, Emissary Panda, HAFNIUM, Operation Exchange Marauder, PROSPERO OOO operator
Tracked threats
- BRICKSTORM Backdoor: UNC5221 PRC-Nexus APT Targeting VMware vSphere Infrastructure — CRITICAL
- CVE-2025-53521: F5 BIG-IP APM Unauthenticated Remote Code Execution via Stack-based Buffer Overflow — CRITICAL
- Ivanti EPMM Dual-CVE Unauthenticated RCE Chain (CVE-2026-1281 + CVE-2026-1340) — CVSS 9.8, CISA KEV, Dutch Government Breached, Bulletproof Hosting IAB, Sleeper Webshells, 28K+ Attacking IPs — CRITICAL
Full actor intelligence — infrastructure, IOCs, detection coverage and operator fingerprints — is available via the Threadlinqs MCP server (Purple tier).