Google is now tracking at least five Chinese cyber-espionage groups that are exploiting the React2Shell vulnerability for initial access.

Google is now tracking at least five Chinese cyber-espionage groups that are exploiting the React2Shell vulnerability for initial access.

The groups are UNC6600, UNC6586, UNC6588, UNC6603, and UNC6603. This is up from two at the beginning.

Multiple Threat Actors Exploit React2Shell (CVE-2025-55182) | Google Cloud Blog

Widespread exploitation of the React2Shell vulnerability (CVE-2025-55182) by multiple threat actors, including China and cyber criminals.

Google Cloud Blog (cloud.google.com)