← All Threat Actors
Threat Actor Profile

SLIME88

No known aliases in database
⚠ Critical Threat
Apache ActiveMQ CVE-2026-34197 Exploitation
Origin China
Sponsor China (attributed)
Motivation espionage

Target Sectors

IT services Manufacturing Financial services Healthcare Government

Known TTPs

Exploitation of CVE-2026-34197 (Remote Code Execution)
Jolokia API exploitation
Malicious XML configuration injection
SoxAgent RAT deployment
Exploitation of default credentials
Authentication bypass via CVE-2024-32114
Establishment of ORB networks (GOBLIN14)

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD