DriftingCloud

MISP

Type:
Unknown

Country:
CN

First seen:
Unknown

Details:

DriftingCloud is a persistent threat actor known for targeting various industries and locations. They are skilled at developing or acquiring zero-day exploits to gain unauthorized access to target networks. Compromising gateway devices is a common tactic used by DriftingCloud, making network monitoring solutions crucial for detecting their attacks.

References (3)

socradar.io - Driftingcloud Apt Group Exploits Zero Day In Sophos Firewall
volexity.com - Driftingcloud Zero Day Sophos Firewall Exploitation And An Insidious Breach
trendmicro.com - Supply Chain Attack Targeting Pakistani Government Delivers Shad

Metadata

ID:	511
Created:	13/01/2026 17:48
Updated:	07/03/2026 16:00