Chinese Hackers Use IPv6 SLAAC for Network Attacks

An advanced persistent threat (APT) group aligned with China, known as TheWizards, has been linked to a lateral movement tool called Spellbinder. This tool enables adversary-in-the-middle (AitM) attacks by using IPv6 stateless address autoconfiguration (SLAAC) spoofing. Spellbinder intercepts packets and facilitates lateral movement within the compromised network.