Google’s security teams have observed at least five distinct Chinese threat groups actively exploiting the React2Shell vulnerability. These groups are leveraging the flaw for the purpose of delivering various forms of malware, posing a significant threat to targeted systems.

Exploitation by Chinese Groups

The observation by Google indicates a coordinated effort from multiple state-sponsored or state-aligned Chinese groups. Their focus on the React2Shell vulnerability demonstrates a specific targeting strategy to gain unauthorized access and distribute malicious payloads across compromised networks.

Impact of Malware Delivery

The use of React2Shell for malware delivery can lead to a range of severe consequences, including data exfiltration, system control, and further network compromise. Organizations and users are advised to be aware of this active exploitation campaign and implement necessary protective measures to mitigate risks associated with the React2Shell vulnerability.

Source: https://www.securityweek.com/google-sees-5-chinese-groups-exploiting-react2shell-for-malware-delivery/