#China APT
6 stories tagged China APT.

Mustang Panda Turns Zoho WorkDrive Into C2 in Twin Campaigns Against Indian Government
The China-aligned crew is running parallel operations against New Delhi ministries and hydropower operators, abusing a legitimate cloud collaboration service to move commands past network defenses.

TinyRCT Backdoor Surfaces in CL-STA-1062 Intrusions Across Southeast Asia
Palo Alto Networks ties the previously undocumented implant to a Chinese-speaking cluster targeting state-owned energy and government entities.

SprySOCKS Crosses Over: Windows Variants Surface With Driver-Level Hiding
Two undocumented Windows builds of the China-linked backdoor — tagged WIN_DRV and WIN_PLUS — extend a toolset previously seen only on Linux.

VerdantBamboo Ports BRICKSTORM to BSD, Goes Hunting for Linux Appliances
A China-nexus crew is rewriting its toolkit to live on the boxes most EDR vendors forgot about.

OP-512 Cluster Hits IIS Servers With Custom Web Shell Kit, Researchers Link Activity to China
A previously unreported intrusion set is dropping a bespoke web shell framework on Microsoft IIS servers, with espionage indicators pointing toward Beijing.

TA4922 Broadens European Targeting With ValleyRAT, Atlas RAT Loadouts
A China-nexus cluster tracked as TA4922 is hitting orgs in the UK, Germany, Italy, and South Africa, mixing known RATs with newer tooling.