China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists

Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European government belonging to NATO. Trend Micro has attributed the activity to a threat activity cluster it...

Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

A China-aligned threat group is exploiting unpatched Microsoft Exchange vulnerabilities to conduct cyberespionage against government and critical infrastructure targets across Asia and beyond...

China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors

Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat APT group tracked as GopherWhisper. "The group wields a wide array of tools mostly written in Go, using injectors and loaders to deploy and execute various backdoor...

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Cybersecurity researchers have discovered a JScript-based command-and-control C2 framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple environments. The flexible framework has been put to use against Chinese gambling industries and malicious...

PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups

PeckBirdy is a sophisticated JScript-based C&C framework used by China-aligned APT groups to exploit LOLBins across multiple environments, delivering advanced backdoors to target gambling industries and Asian government entities...

The Rise of Collaborative Tactics Among China-aligned Cyber Espionage Campaigns

Trend™ Research examines the complex collaborative relationship between China-aligned APT groups via the new “Premier Pass-as-a-Service” model, exemplified by the recent activities of Earth Estries and Earth Naga...

Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware

Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor dubbed Phantom Taurus over the past two-and-a-half years. "Phantom Taurus' main focus areas include ministries of forei...

PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack

A previously undocumented China-aligned advanced persistent threat APT group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network VPN provider in 2023, according to new findings from ESET. "The attackers replaced the legitimate installer with...

Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions

South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the Tonto Team. "Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execu...

Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company

A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss prevention DLP company that caters to government and military entities. "The attackers compromised the DLP company's internal update servers to deliver malware inside the...

Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company

A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss prevention DLP company that caters to government and military entities. "The attackers compromised the DLP company's internal update servers to deliver malware inside the...