Skip to content
Hunt.io researchers stumbled onto an active intrusion campaign in June 2026 while pivoting on known TencShell command-and-control infrastructure. A single HTTP header fingerprint on port 1111 led them to 13 Hong Kong-based servers and, on one of them, an open directory containing 2,431 files and 80 subdirectories: victim source code, custom exploit scripts, cloned login pages, and operator logs wi...
Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign | Huntaegis