Crimson Collective

APT Group 2 zero-day CVEs

Also Known As

No alias recorded

Target Countries 1

Countries highlighted in red

United States

Sectors Targeted

Software Publishers 51121 Telecommunications 517 Computer Systems Design and Related Services 54151 Computer Systems Design Services 541512

Details

Last Updated 09 Oct 2025

MITRE ATT&CK 23

T1021 - Remote Services T1021.007 - Remote Services Cloud Services T1069 - Permission Groups Discovery T1069.003 - Permission Groups Discovery Cloud Groups T1074 - Data Staged T1074.002 - Data Staged Remote Data Staging T1078 - Valid Accounts T1078.004 - Valid Accounts Cloud Accounts T1087 - Account Discovery T1087.004 - Account Discovery Cloud Account T1136.003 - Create Account Cloud Account T1213 - Data from Information Repositories T1213.003 - Data from Information Repositories Code Repositories T1526 - Cloud Service Discovery T1530 - Data from Cloud Storage T1566 - Phishing T1567 - Exfiltration Over Web Service T1578 - Modify Cloud Compute Infrastructure T1578.001 - Modify Cloud Compute Infrastructure Create Snapshot T1578.002 - Modify Cloud Compute Infrastructure Create Cloud Instance T1578.005 - Modify Cloud Compute Infrastructure Modify Cloud Compute Configurations T1580 - Cloud Infrastructure Discovery T1619 - Cloud Storage Object Discovery

Related Zero-Days 2

CVE-2021-26855 CVE-2025-41244