Threat actors
SongXY
aptvia MISP
1 CVE attributed
SongXY is a Chinese APT group that employs phishing tactics to initiate cyberespionage campaigns. They utilize the Royal Road RTF builder, exploiting the CVE-2018-0798 vulnerability in Microsoft Equation Editor. In one instance, they sent a document containing a link to an attacker-controlled server, which automatically triggered upon opening, allowing them to gather information about the target's system configuration.
Attributed CVEs1
| CVE | Description | Severity | EPSS | Flags | Modified |
|---|---|---|---|---|---|
| CVE-2018-0798 | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". | HIGH8.8 | 95%p100 | KEVPoC | 2025-10-28 |