Chinese APT Archives • Daily CyberSecurity

Twill Typhoon Exploits CDN Masquerading and DLL Sideloading to Breach APJ Networks Twill Typhoon DLL Sideloading

Twill Typhoon Exploits CDN Masquerading and DLL Sideloading to Breach APJ Networks

Do Son May 22, 2026

A sophisticated, highly targeted cyber-espionage campaign is actively penetrating corporate and critical infrastructure networks across the Asia-Pacific...

CL-UNK-1068: The Stealthy Chinese Threat Actor Haunting Asian Infrastructure CL-UNK-1068 Chinese APT

CL-UNK-1068: The Stealthy Chinese Threat Actor Haunting Asian Infrastructure

Do Son March 11, 2026

Since 2020, a sophisticated cluster of activity has been quietly infiltrating high-value organizations across South, Southeast, and...

Exploiting the Crisis: Chinese APTs Weaponize Middle East Tensions to Target Qatar with PlugX NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

Exploiting the Crisis: Chinese APTs Weaponize Middle East Tensions to Target Qatar with PlugX

Do Son March 10, 2026

Following recent regional escalations, researchers have identified a sharp increase in activity from Chinese-nexus APT (Advanced Persistent...

CISA Alert: Chinese Hackers Weaponize CVSS 10 Cisco Zero-Day & SonicWall Exploit Chains CISA KEV Update, Cisco Zero-Day KEV Vulnerabilities

CISA Alert: Chinese Hackers Weaponize CVSS 10 Cisco Zero-Day & SonicWall Exploit Chains

Do Son December 18, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive adding three critical vulnerabilities to...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

Cisco Zero-Day Siege: Chinese Group UAT-9686 Deploys ‘Aqua’ Malware via CVSS 10 Root Exploit

Do Son December 18, 2025

A critical zero-day vulnerability in Cisco’s secure email appliances is under active siege by a sophisticated Chinese...

Chinese APT UNC6384 Pivots to Europe, Exploits Windows LNK Flaw to Deploy PlugX via Canon DLL Sideloading UNC6384 PlugX, LNK Exploit

Chinese APT UNC6384 Pivots to Europe, Exploits Windows LNK Flaw to Deploy PlugX via Canon DLL Sideloading

Do Son November 3, 2025

Researchers at Arctic Wolf Labs have uncovered an extensive cyber espionage campaign by UNC6384, a Chinese-affiliated threat...

Symantec Exposes Chinese APT Overlap: Zingdoor, ShadowPad, and KrustyLoader Used in Global Espionage Chinese APT Overlap, Zingdoor ShadowPad

Symantec Exposes Chinese APT Overlap: Zingdoor, ShadowPad, and KrustyLoader Used in Global Espionage

Do Son October 23, 2025

Symantec’s investigation uncovered a complex web of interconnected Chinese espionage operations, with infrastructure and tooling overlapping multiple...

Chinese APT Launches Spearphishing Campaign, Using Fake Cloudflare Lure to Deliver PlugX Malware TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

Chinese APT Launches Spearphishing Campaign, Using Fake Cloudflare Lure to Deliver PlugX Malware

Do Son October 7, 2025

A new report from StrikeReady Labs has revealed a sophisticated spear-phishing campaign targeting European governmental and aviation...

Phantom Taurus: New Chinese APT Emerges with Fileless NET-STAR Backdoor Targeting Global Governments and Telecoms

Do Son October 1, 2025

Researchers from Unit 42 have uncovered a previously undocumented Chinese state-aligned threat actor, dubbed Phantom Taurus, whose...

Zero-Day PoC Published: Privilege Escalation Flaw in VMware Tools Used by Chinese APT

Do Son September 30, 2025

A newly disclosed local privilege escalation vulnerability, CVE-2025-41244, has been exploited as a zero-day in the wild,...

EggStreme: New Fileless Malware from a Chinese APT Targets Philippine Military Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

EggStreme: New Fileless Malware from a Chinese APT Targets Philippine Military

Do Son September 12, 2025

Bitdefender Threat researchers have detailed a new and highly sophisticated fileless malware framework named EggStreme, used by...

An Espionage System: NSA, CISA, & Partners Expose Chinese APT Groups Chinese APT, cyber espionage

An Espionage System: NSA, CISA, & Partners Expose Chinese APT Groups

Do Son August 28, 2025

In a multinational alert, the U.S. National Security Agency (NSA), CISA, FBI, and partners from more than...

Inside UAT-7237, a Chinese APT Group Targeting Taiwan Chinese APT, cyberespionage

Inside UAT-7237, a Chinese APT Group Targeting Taiwan

Do Son August 18, 2025

Cisco Talos has published a detailed report exposing a newly designated threat group, UAT-7237, a Chinese-speaking advanced...

DeedRAT Backdoor: Chinese APT Targets Southeast Asian Governments via Vulnerable AV Software DeedRAT, Chinese Cyberattack

DeedRAT Backdoor: Chinese APT Targets Southeast Asian Governments via Vulnerable AV Software

Do Son July 22, 2025

In a newly uncovered campaign, LAB52 — the intelligence team at S2 Group — has identified a...

Critical 0-Day: Cityworks Flaw Actively Exploited by Chinese APT UAT-6382

Do Son May 22, 2025

A newly identified Chinese-speaking threat actor cluster, tracked as UAT-6382, is actively exploiting a zero-day vulnerability in...

Operation Digital Eye: Chinese APT Exploits Visual Studio Code Tunnels in High-Stakes Espionage Campaign

Do Son December 11, 2024

In a sophisticated cyberespionage campaign dubbed Operation Digital Eye, SentinelOne and Tinexta Cyber uncovered activities linked to...

Chinese APTs Shift Tactics to Evade Detection and Maintain Stealth Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Chinese APTs Shift Tactics to Evade Detection and Maintain Stealth

Do Son November 21, 2024

In light of increasing global tensions and heightened scrutiny, Chinese Advanced Persistent Threat (APT) groups are adapting...

Chinese APT Stately Taurus Exploits Visual Studio Code in Cyberespionage Attacks The observed connection between Listener.bat of Stately Taurus and ShadowPad

The observed connection between Listener.bat of Stately Taurus and ShadowPad

Chinese APT Stately Taurus Exploits Visual Studio Code in Cyberespionage Attacks

Do Son September 9, 2024

In a recent report, cybersecurity researchers at Unit 42 have uncovered a novel and concerning tactic employed...

Chinese APTs Target ASEAN Entities, Stealing Sensitive Diplomatic and Economic Data axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

Chinese APTs Target ASEAN Entities, Stealing Sensitive Diplomatic and Economic Data

Do Son March 26, 2024

A detailed report from Unit 42 by Palo Alto Networks has uncovered a targeted campaign by two...

Unit 42’s Discovery: Chinese APT’s Strategic Targeting in Cambodia

Do Son November 8, 2023

Unit 42, the renowned threat intelligence team, has recently unearthed a sophisticated espionage operation orchestrated by Chinese...

Critical Alert 1 Active Exploit Detected Today