#APT #OceanLotus: memory plug-ins and espionage purpose in latest years ti.qianxin.com/blog/articles/…

Malware seems from #APT #Donot 893561ff6d17f1e95897b894dde29a2a hxxps://totalservices.info/WxporesjaTexopManor/ptomekasresdkolertys

#APT #CNC #UTG-Q-011 Recent espionage campaign operated by threat actors from South Asia targets Chinese scientific research in the maritime and other fields. ti.qianxin.com/blog/articles/…

#APT #Patchwork targets Nepal with Spyder malware dcd38befbaff3b153c40cd9c2858e72a myprivatedrives[.]com hxxp://myprivatedrives.com/ticket_line/openai.php hxxp://myprivatedrives.com/ticket_line/certificate.php

#APT #APT-Q-12 APT-Q-12 has exploited a #0day existing in the Foxmail Windows client in recent campaign and we reported it to Tencent immediately. Now the vuln has been fixed and Windows users are suggested updating to latest version 7.2.25 (2025-03-28). mp.weixin.qq.com/s/GkKocGG4iVGk…

#APT #Kimsuky 7ec88818697623a0130b1de42fa31335 (dropper, with digital signature "CJ Olivenetworks Co., Ltd") 580d7a5fdf78dd3e720b2ce772dc77e9 (dll, "C:\\Users\\Public\\config.dat") hxxp://gsegse.dasfesfgsegsefsede.o-r.kr/login.php (162[.220.11.186)

At the recently held CYDES 2025, we disclosed #APT group #NightEagle (APT-Q-95). This threat group has been targeting high-tech industries for a long time, including chip semiconductors, AI/GPT and other fields. Actors used an unknown Exchange exploit chain. PPT: #IOCs #APT

Brief analysis of Chrome vuln #CVE-2025-6554, which was exploited in the wild. ti.qianxin.com/blog/articles/…

"Mimo" Gang used #Sharepoint #ToolShell to deliver "4l4md4r" #ransomware, which is written in Go language and contains religious-style function names. Report: mp.weixin.qq.com/s/h6_ijQAHhq4t…

#APT #Bitter targets Iraqi-Sri Lanka Committee docx --> dotm --> VBA 4e87283dcc6b2e22edba7bc8aab290cf ("Meetings of the nineteenth session of the Iraqi-Sri Lanka Committee.docx") f0246943f8fd24a7e5df9aa1776849d0 ("DesignTemplate.dotm") hxxps://glamormusicwave.com