APT

Researchers Reveal TA585’s MonsterV2 Malware Capabilities, Full Attack Chain

Cybersecurity researchers have exposed a previously undocumented threat actor, TA585, which delivers an off-the-shelf malware called MonsterV2 through targeted phishing campaigns. Proofpoint researchers describe TA585 as operating a self-owned, end-to-end attack chain, managing infrastructure, delivery, and payload installation without relying on third-party distribution services.

Background and delivery methods

TA585 has used multiple delivery techniques in […]

From HealthKick to GOVERSHELL: Tracking the Evolution of UTA0388 Espionage Malware

A China-aligned threat actor tracked as UTA0388 has run multiple spear-phishing campaigns across North America, Asia, and Europe, with the main aim of delivering a Go-based implant known as GOVERSHELL. Volexity reported these operations on Wednesday, noting that initial messages impersonated senior researchers and analysts from fabricated organizations to trick recipients into

Mustang Panda Employs New DLL Side Loading Technique to Deploy Malware

Security researchers have observed a renewed Mustang Panda campaign that uses a fresh DLL side-loading method to deliver malicious payloads, targeting Tibetan advocacy groups with politically themed lures. The operation first appeared in June 2025 and combines archive-based phishing, hidden library files, dynamic API resolution, and periodic task scheduling to maintain persistence and execute stolen

IRGC-Linked APT35’s Structure, Toolset, and Espionage Operations Revealed

Since surfacing in the mid-2010s as a persistent threat actor, the IRGC-linked APT35 collective has continually adapted its methods to target government agencies, energy companies, and diplomatic missions across the Middle East and beyond. What began as credential-harvesting phishing campaigns has matured into a modular, multi-stage toolkit that supports deep network infiltration and prolonged espionage.

Chinese Hackers Use Open-Source Nezha Tool in Latest Cyberattack Campaign

Threat actors believed to be linked to China have repurposed a legitimate open-source monitoring framework, Nezha, to conduct a coordinated cyberattack, researchers found. The campaign, observed in August 2025 by Huntress, used a log poisoning technique to plant a PHP web shell on vulnerable web servers, then leveraged that access to deploy Nezha and ultimately
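As an added illustration of the log poisoning step mentioned above (this is not code from the original article or from the Huntress report), the following Python script scans web-server access log lines for the two halves of such an attack: a request whose User-Agent, Referer or URI carries PHP code (so that it lands in the log file), and a later request from the same source that tries to include the log file through a path-traversal parameter. The log lines, IP addresses, paths and detection patterns are constructed for the example and are not indicators from the campaign.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in Apache/nginx "combined" format (hypothetical, not from any real incident).
# Line 2 plants PHP in the User-Agent; line 3 includes the poisoned log via a traversal parameter.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Aug/2025:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Aug/2025:10:01:09 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "<?php system($_GET['c']); ?>"
203.0.113.7 - - [12/Aug/2025:10:01:15 +0000] "GET /index.php?page=../../../var/log/apache2/access.log&c=id HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Aug/2025:10:02:00 +0000] "GET /robots.txt HTTP/1.1" 404 0 "-" "curl/8.4.0"
"""

# Combined log format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# PHP open tags or command-execution functions embedded in attacker-controlled fields.
PHP_TAG_RE = re.compile(r'<\?(?:php|=)', re.IGNORECASE)
PHP_EXEC_RE = re.compile(r'\b(?:system|passthru|shell_exec|exec|eval|assert)\s*\(', re.IGNORECASE)
# Traversal (raw or URL-encoded) reaching an access/error log, or a direct /var/log/ path.
LOG_INCLUDE_RE = re.compile(r'(?:\.\./|%2e%2e%2f).*(?:access|error)[._]?log|/var/log/', re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    ip: str
    field: str
    reason: str  # "php_code" or "log_include"


def parse_line(line: str):
    """Return the log fields as a dict, or None if the line is not in combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan(log_text: str) -> list:
    """Flag requests that inject PHP into logged fields or try to include a log file."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not silently matched
        for field in ("ua", "ref", "req"):
            value = rec[field]
            if PHP_TAG_RE.search(value) or PHP_EXEC_RE.search(value):
                findings.append(Finding(n, rec["ip"], field, "php_code"))
        if LOG_INCLUDE_RE.search(rec["req"]):
            findings.append(Finding(n, rec["ip"], "req", "log_include"))
    return findings


def poisoning_sources(findings: list) -> list:
    """IPs that both planted PHP and attempted a log-file include: the full poisoning chain."""
    reasons_by_ip = {}
    for f in findings:
        reasons_by_ip.setdefault(f.ip, set()).add(f.reason)
    return sorted(ip for ip, reasons in reasons_by_ip.items()
                  if {"php_code", "log_include"} <= reasons)


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f"line {f.line_no}: {f.ip} [{f.field}] {f.reason}")
    print("likely log poisoning from:", poisoning_sources(results))
```

Either half alone is a useful alert (PHP in a User-Agent is never benign), but the correlation in `poisoning_sources` is what separates a scanner probing for local file inclusion from an attacker who has actually chained injection and inclusion into a web shell. In production the patterns should be run over the full log set, not only the lines a single process wrote, since the include may target a different log (error log, mail log, SSH auth log) than the one the payload was planted in.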

Fresh Report Connects BIETA and CIII Research Firms to China’s MSS Cyber Activities

A new intelligence report has revealed connections between two Chinese research firms, the Beijing Institute of Electronics Technology and Application (BIETA) and its subsidiary Beijing Sanxin Times Technology Co., Ltd. (CIII), and China’s Ministry of State Security (MSS). According to cybersecurity firm Recorded Future, BIETA appears to be managed or influenced by the MSS based

Confucius Hackers Target Pakistan With WooperStealer and Anondoor Malware

A persistent threat actor known as Confucius has been linked to a fresh phishing campaign focused on Pakistan, deploying information stealers and, more recently, a Python-based backdoor. Security firms have observed the group using malware families such as WooperStealer and Anondoor to harvest sensitive data and to establish longer-term access on compromised systems. Background and

China-Linked Hackers Exploit New VMware Zero-Day Active Since October 2024

A critical security flaw in Broadcom VMware Tools and VMware Aria Operations has been actively exploited since October 2024. According to cybersecurity researchers at NVISO Labs, the attacks are linked to a China-based hacking group tracked as UNC5174 (also known as Uteus or Uetus). The bug, identified as CVE-2025-41244 with a CVSS score of 7.8,

Phantom Taurus, a China-Linked Hacker Group, Targets Governments With Stealth Malware

Over the past two and a half years, a China-linked, state-aligned cyber espionage group, known as Phantom Taurus, has been observed targeting government and telecommunications organizations across Africa, the Middle East, and Asia. The group focuses on intelligence collection, aiming to obtain sensitive diplomatic and defense-related data, often aligning its operations with major geopolitical events

Chinese TA415 leverages VS Code remote tunnels to spy on U.S. economic policy experts

According to an analysis by Proofpoint, the intrusions impersonated senior figures and organizations involved in U.S.-China relations, including the Chair of the Select Committee on Strategic Competition between the United States and the Chinese Communist Party, and the U.S.-China Business Council. The emails specifically targeted people working on trade, economic policy, and bilateral relations, implying
