APT41 Archives • Daily CyberSecurity

APT41’s New “Zero-Detection” Backdoor Targets Linux Workloads APT41 Linux Backdoor SMTP Command and Control

APT41’s New “Zero-Detection” Backdoor Targets Linux Workloads

Do Son April 15, 2026

A sophisticated new threat has been unmasked targeting the heart of enterprise cloud infrastructure. Researchers from Breakglass...

Unmasking Silver Dragon: The Chinese-Nexus APT Haunting Southeast Asia and Europe CloudComputating - QSC framework

Unmasking Silver Dragon: The Chinese-Nexus APT Haunting Southeast Asia and Europe

Do Son March 5, 2026

Cybersecurity researchers at Check Point Research (CPR) have lifted the veil on a sophisticated advanced persistent threat...

PlugX Evolves: New “Meeting Invitation” Phishing Campaign Leverages Trusted Security Software Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

PlugX Evolves: New “Meeting Invitation” Phishing Campaign Leverages Trusted Security Software

Do Son March 4, 2026

Cybersecurity researchers at LAB52 have released a detailed analysis of a new infection chain for the long-running...

Taiwan Faces 2.6 Million Cyberattacks Daily from China Iranian Cyber Reconnaissance IP Camera Security NCSC Warning Russian Hacktivists Taiwan Cyberattacks China State-Sponsored Hacking state-sponsored threat actor Ransomware RAT Abuse, AnyDesk

Iranian Cyber Reconnaissance IP Camera Security NCSC Warning Russian Hacktivists Taiwan Cyberattacks China State-Sponsored Hacking state-sponsored threat actor Ransomware RAT Abuse, AnyDesk

Taiwan Faces 2.6 Million Cyberattacks Daily from China

Do Son January 8, 2026

Recently, Taiwan’s National Security Bureau (NSB) has released a comprehensive report detailing a massive surge in state-sponsored...

Ink Dragon’s Global Mesh: How Chinese Spies Turn Compromised Government Servers into C2 Relay Nodes Salt Typhoon Teleco Hack, Cisco Academy Link CVE-2025-0282 PoC exploit

Salt Typhoon Teleco Hack, Cisco Academy Link CVE-2025-0282 PoC exploit

Ink Dragon’s Global Mesh: How Chinese Spies Turn Compromised Government Servers into C2 Relay Nodes

Do Son December 18, 2025

A sophisticated Chinese cyber-espionage group is rewriting the rules of persistence, turning compromised government servers into a...

China APT Infiltrates US Policy Nonprofit in Months-Long Espionage Campaign Using DLL Sideloading China APT Espionage, DLL Sideloading

China APT Infiltrates US Policy Nonprofit in Months-Long Espionage Campaign Using DLL Sideloading

Do Son November 10, 2025

A new investigation by the Broadcom Threat Hunter Team has uncovered a China-linked cyber espionage campaign that...

The Silent Spy: How Chinese Hackers are Exploiting U.S.-China Policy Chinese espionage groups APT35 Phishing, Stormshield CTI

The Silent Spy: How Chinese Hackers are Exploiting U.S.-China Policy

Do Son September 18, 2025

State-aligned Chinese threat actor TA415 (also tracked as APT41, Brass Typhoon, Wicked Panda) has launched a series...

APT41 Unleashes Full Arsenal in Rare African Cyberespionage Campaign Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

APT41 Unleashes Full Arsenal in Rare African Cyberespionage Campaign

Do Son July 22, 2025

In a newly published report, Kaspersky’s Managed Detection and Response (MDR) team has unveiled a high-level cyberespionage...

Ransomware or Espionage? Fog Ransomware Attack in Asia Raises Suspicion with Rare Toolset Fog Ransomware, Espionage

Ransomware or Espionage? Fog Ransomware Attack in Asia Raises Suspicion with Rare Toolset

Do Son June 14, 2025

In May 2025, a financial institution in Asia was targeted in a highly anomalous ransomware attack that...

APT41 Unleashes Stealthy Malware Using Google Calendar for Covert C2!

Do Son June 10, 2025

APT41—also known as BARIUM, Wicked Panda, and Brass Typhoon—is a well-known Chinese state-sponsored APT group notorious for...

APT41 Uses Google Calendar as Covert C2 in Stealthy Cyberespionage Campaign

Do Son May 30, 2025

In an example of cloud service abuse, Google Threat Intelligence Group (GTIG) has uncovered a new APT41...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

APT41/RedGolf Infrastructure Briefly Exposed: Fortinet Zero-Days Targeted Shiseido

Do Son April 21, 2025

In a rare window into the operations of an advanced persistent threat, a KeyPlug-linked infrastructure briefly went...

Updated ShadowPad Malware Facilitates Ransomware Deployment in Global Attacks CVE-2024-1212 Vulnerability

Updated ShadowPad Malware Facilitates Ransomware Deployment in Global Attacks

Do Son February 20, 2025

A new report from Trend Micro has revealed that ShadowPad, a modular malware with deep ties to...

China-Nexus Espionage: ScatterBrain Obfuscation Tactics Revealed ScatterBrain - POISONPLUG.SHADOW

China-Nexus Espionage: ScatterBrain Obfuscation Tactics Revealed

Do Son January 30, 2025

A recent analysis by Mandiant has unmasked ScatterBrain, a sophisticated obfuscating compiler used to protect POISONPLUG.SHADOW, an...

Cybercriminals Exploit Cracked Acunetix Scanner for Malicious Attacks CVE-2024-36072 Water Gamayun, MSC EvilTwin

Cybercriminals Exploit Cracked Acunetix Scanner for Malicious Attacks

Do Son December 23, 2024

Cybercriminals are increasingly weaponizing cracked versions of legitimate vulnerability scanning tools, like the Araneida Scanner, for malicious...

APT41’s LightSpy Campaign Expands with Advanced DeepData Framework in Targeted Espionage Against Southern Asia

Do Son November 14, 2024

The BlackBerry Research and Intelligence Team has uncovered a new chapter in the LightSpy espionage campaign, marking...

Pacific Rim: Sophos Exposes 5 Years of Chinese Cyber Espionage Pacific Rim APT

Pacific Rim: Sophos Exposes 5 Years of Chinese Cyber Espionage

Do Son November 3, 2024

In a newly released report titled “Pacific Rim,” Sophos X-Ops uncovers a five-year campaign by China-based threat...

Chinese Threat Groups Leverage Ransomware for Political Gain

Do Son October 7, 2024

A recent report released by the Natto Team, a renowned group specializing in geopolitical analysis and cyber...

CISA Warns of Actively Exploited Microsoft COM for Windows Flaw CVE-2018-0824

CISA Warns of Actively Exploited Microsoft COM for Windows Flaw

Do Son August 5, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning about a Microsoft COM...

Chinese APT41 Group Breaches Taiwanese Research Institute

Do Son August 1, 2024

A recent report from Cisco Talos has revealed a sophisticated cyberattack targeting a Taiwanese government-affiliated research institute....

Critical Alert 1 Active Exploit Detected Today