Beijing-linked hackers are hammering max-severity React bug, AWS warns

Amazon has warned that China-nexus hacking crews began hammering the critical React "React2Shell" vulnerability within hours of disclosure, turning a theoretical CVSS-10 hole into a live-fire incident almost immediately.

In a new advisory, AWS said its threat intelligence teams "observed active exploitation attempts by multiple China state-nexus threat groups, including Earth Lamia and Jackpot Panda."

Those attempts were captured through MadPot, Amazon's honeypot network, which logged scanning and exploit traffic tied to infrastructure previously linked to Beijing-aligned operators.

The attackers, who are known for exploiting web application bugs to hit organizations, were already flinging specially crafted HTTP requests based on public proof-of-concept exploits, according to Amazon.

"China continues to be the most prolific source of state-sponsored cyber threat activity, with threat actors routinely operationalizing public exploits within hours or days of disclosure," wrote CJ Moses, CISO and VP of Security Engineering at Amazon. "Through monitoring in our AWS MadPot ...