Operation TrueChaos: Exploitation of TrueConf Zero-Day Vulnerability

Severity: High (Score: 77.8)

Sources: Bleepingcomputer, Research.Checkpoint

Summary

In early 2026, a series of targeted attacks named Operation TrueChaos exploited a zero-day vulnerability in TrueConf software, tracked as CVE-2026-3502, which allows attackers to execute arbitrary files on connected endpoints. The flaw, stemming from a missing integrity check in the update mechanism, affects TrueConf versions 8.1.0 through 8.5.2. Government entities in Southeast Asia were primarily targeted, with attackers gaining control of on-premises TrueConf servers to distribute malicious updates. The campaign is attributed to a Chinese-nexus threat actor based on observed tactics and infrastructure. Following the report, a patch was released in March 2026. The attack method involved replacing legitimate updates with malicious files, impacting multiple agencies. The incident highlights significant risks for organizations using TrueConf in sensitive environments.

Key Points:

  • CVE-2026-3502 allows arbitrary file execution via compromised TrueConf updates.
  • Operation TrueChaos targets government entities in Southeast Asia, attributed to a Chinese threat actor.
  • A patch for the vulnerability was released in March 2026 after the discovery.

Key Entities

  • Amaranth Dragon (apt_group)
  • Malware (attack_type)
  • Supply Chain Attack (attack_type)
  • Zero-day Exploit (attack_type)
  • TrueChaos (campaign)
  • TrueConf (company)
  • Alibaba Cloud (company)
  • CVE-2026-3502 (cve)
  • Government (industry)
  • Havoc (malware)
  • ShadowPad (malware)
  • 22e32bcf113326e366ac480b077067cf (md5)
  • 248a4d7d4c48478dcbeade8f7dba80b3 (md5)
  • 9b435ad985b733b64a6d5f39080f4ae0 (md5)
  • T1055 - Process Injection (mitre_attack)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • T1071 - Application Layer Protocol (mitre_attack)
  • T1548.002 - Bypass User Account Control (mitre_attack)
  • T1574 - Hijack Execution Flow (mitre_attack)
  • Tencent (platform)
  • Windows (platform)
  • 7z.exe (tool)
  • 7z-x64.dll (tool)
  • Inno Setup (tool)
  • Iscicpl.exe (tool)
  • Iscsicpl.exe (tool)