Over the past year, a previously quiet Chinese threat cluster has surged onto incident-response dashboards worldwide, pivoting from single zero-day hits to an industrialized pipeline of weaponized vulnerabilities.

First detected targeting unpatched Fortinet SSL-VPN appliances in late-2024, the group—dubbed “Goujian Spider” by incident handlers—now blends rapid vulnerability acquisition with skillful post-exploitation automation, breaching defense contractors, chip designers, and maritime-logistics firms in nine countries