Threats Affecting China
View all threats affecting or targeting China. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
ChinaThreats Affecting China
Click on any threat for detailed analysis and mitigation recommendations
4,300+ Outdated Routers Hijacked in Stealthy Spy Infrastructure by AryStinger malware 0 AryStinger is a malware family that hijacks over 4,300 outdated routers built on Realtek RTL819X chips, primarily D-Link DIR-850L devices, to create a stealthy reconnaissance and intrusion support network. It exploits old vulnerabilities disclosed in 2013 and 2016 to install a lightweight Linux binary that performs distributed scanning and information gathering without typical malicious activities like file encryption or cryptocurrency mining. A second, more capable Go-based build targets NAS devices via a 2025 code injection vulnerability. The malware communicates with its command and control infrastructure using obfuscated protocols and establishes persistence via Dropbear SSH. The infected routers act as Executors that perform parallel scanning tasks, enabling efficient network footprinting. The infection is concentrated mainly in South Korea and China but also affects other countries. The malware's low detection rate and use of legacy hardware with no firmware updates pose ongoing risks to privacy, enterprise security, and national infrastructure. Join the discussion | Reddit Cybersecurity | 06/22/2026, 09:34:31 UTC Added: 06/22/2026, 10:24:04 UTC |
AryStinger botnet infected thousands of D-Link routers worldwide 0 A previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated routers to turn them into proxies for malicious traffic. [...] Join the discussion | Bleeping Computer | 06/21/2026, 14:14:22 UTC Added: 06/21/2026, 16:49:45 UTC |
Gamers beware: malicious wallpapers on Steam found stealing accounts 0 Since late 2025, cybercriminals have been exploiting Wallpaper Engine, a popular live wallpaper application on Steam, to distribute malware through Steam Workshop. Attackers target primarily Chinese and Russian gamers by embedding malicious code within application wallpapers shared on the platform. These compromised wallpapers deliver various malware types including infostealers, backdoors, crypto miners, and ransomware. One analyzed sample dropped DarkKomet backdoor while hijacking Steam sessions to steal account credentials. The malware modifies system libraries to locate Steam installations and exfiltrate data to attacker-controlled servers. Compromised accounts are then used to upload additional malicious wallpapers. The diverse malware families suggest multiple independent hacking groups are exploiting this distribution method. Infected wallpapers received thousands of downloads before removal, with 89% of infections occurring in China. Join the discussion | AlienVault OTX General | 06/16/2026, 09:50:13 UTC Added: 06/16/2026, 11:30:21 UTC |
Showing 1 to 3 of 3 results