China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure
Cisco Talos has identified a China-linked APT group, UAT-8837, targeting North American critical infrastructure using a Sitecore zero-day vulnerability. The group exploits this vulnerability to gain initial access and deploys various tools to harvest sensitive information, including credentials and Active Directory details. Once inside, they disable security features, conduct reconnaissance, and potentially exfiltrate sensitive data, raising concerns about supply chain security.