Cyber Resilience

Campaign · all campaigns

Cutting EdgeC0029 state

🇨🇳 CN

aka Cutting Edge

Last updated: 2026-07-03

0attributed CVEs
42ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Cutting Edge](https://attack.mitre.org/campaigns/C0029) was a campaign conducted by suspected China-nexus espionage actors, variously identified as UNC5221/UTA0178 and UNC5325, that began as early as December 2023 with the exploitation of zero-day vulnerabilities in Ivanti Connect Secure (previously Pulse Secure) VPN appliances. [Cutting Edge](https://attack.mitre.org/campaigns/C0029) targeted the U.S. defense industrial base and multiple sectors globally including telecommunications, financial, aerospace, and technology. [Cutting Edge](https://attack.mitre.org/campaigns/C0029) featured the use of defense evasion and living-off-the-land (LoTL) techniques along with the deployment of web shells and other custom malware.(Citation: Mandiant Cutting Edge January 2024)(Citation: Volexity Ivanti Zero-Day Exploitation January 2024)(Citation: Volexity Ivanti Global Exploitation January 2024)(Citation: Mandiant Cutting Edge Part 2 January 2024)(Citation: Mandiant Cutting Edge Part 3 February 2024)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-427 / 4264%
CM-626 / 4262%
AC-324 / 4257%
CM-223 / 4255%
SI-320 / 4248%
AC-219 / 4245%
AC-619 / 4245%
AC-517 / 4240%
CM-517 / 4240%
CM-716 / 4238%
CA-715 / 4236%
IA-215 / 4236%
SC-713 / 4231%
AC-411 / 4226%
RA-510 / 4224%

Co-occurring actors

None.

Similar actors

Similar TTPs

Same nation-state