Amazon has warned that China-nexus hacking crews began hammering the critical React "React2Shell" vulnerability within hours of disclosure, turning a theoretical CVSS-10 hole into a live-fire incident almost immediately. In a new advisory, AWS said its threat intelligence teams "observed active exploitation attempts by multiple China state-nexus threat groups, including Earth Lamia and Jackpot Panda." Those attempts were captured through MadPot, Amazon's honeypot network, which logged scanning and exploit traffic tied to infrastructure previously linked to Beijing-aligned operators.
She was referencing previous comments from Fiona Hill, the British-American foreign affairs expert who advised the White House on Vladimir Putin and Russia during Donald Trump's first term. "Since the invasion of Ukraine, and the various things I read that the Russians have been doing here, sabotage, intelligence collection, attacking people, and so on... Fiona Hill, I think she may be right in saying we're already at war with Russia," the Baroness told podcast host Lord McFall of Alcluith.
The Static Tundra campaign highlights a simple truth: the most effective defense against state-sponsored exploitation of aging, unpatched devices is not a single patch or product - it's disciplined lifecycle and vulnerability management. Organizations that continue to run end-of-life infrastructure are leaving doors open that sophisticated adversaries are eager to walk through. Automation is the key to closing those doors at scale.