Threat Intelligence Report

Unraveling the WSUS Exploit Chain

📅 March 7, 2026 📰 jsac.jpcert.or.jp 🔍 0 CVE(s) referenced

A financially motivated, China-nexus threat actor known as DragonClover exploited a critical WSUS vulnerability (CVE-2025-59287) to achieve remote code execution, abuse legitimate tools like Velociraptor for persistent access, and deploy a range of post-exploitation payloads across multiple global campaigns.

gov

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle