Ryan Goldberg and Kevin Martin attacked five companies in 2023 and extorted nearly $1.3 million from one of their victims.

The agency added the flaw to the KEV list days after hosting providers confirmed active, ongoing attacks.

CrowdStrike says The Com-affiliated threat groups are using voice phishing and fake SSO pages to break into SaaS environments and steal data fast for extortion.

Xu Zewei was allegedly directed by China’s intelligence services to conduct a sweeping espionage campaign to steal data on COVID-19 research and other U.S. policy interests.

Some attackers, which researchers link to The Com, have swatted company executives to increase leverage and pressure victims to pay their ransom demands.

Eran Haggiag, CEO & Founder, Glide Identity

The company said it found more evidence of compromise across its customer base. Exposure, which has yet to be defined, poses significant downstream risk.

Investigators found the malware, dubbed Firestarter, on a federal agency's network in a campaign dating back to at least September 2025.

Researchers said it’s the first-ever mapping of attack traffic to mobile operator signalling infrastructure.

The joint warning describes a major tactical shift by Chinese-linked hackers and lays out what organizations should do about it.