SprySOCKS Backdoor Gets Windows Variants With Kernel-Level Stealth
China-linked FishMonger APT expands its Linux-only SprySOCKS backdoor to Windows with WIN_DRV and WIN_PLUS variants featuring kernel drivers and Print Spooler abuse.
10 articles tagged with "China Apt"
China-linked FishMonger APT expands its Linux-only SprySOCKS backdoor to Windows with WIN_DRV and WIN_PLUS variants featuring kernel drivers and Print Spooler abuse.
China-nexus APT group UAT-8302 targets South American and European governments using NetDraft, CloudSorcerer, and VShell backdoors. Cisco Talos reveals connections to multiple Chinese threat clusters.
Kaspersky uncovered a supply chain attack on DAEMON Tools official website. Trojanized installers deployed QUIC RAT backdoors to thousands of systems, with a dozen government and manufacturing targets receiving advanced payloads.
Unit 42 links CL-STA-1132 to Chinese state-sponsored actors exploiting CVE-2026-0300 for espionage. IOCs and attack timeline revealed after a month of active exploitation.
China-linked APT embeds kernel-level backdoors in telecom infrastructure across Middle East and Asia. Rapid7 finds stealthy implants evading detection for years.
Rapid7 attributes the six-month Notepad++ supply chain compromise to Chinese APT Lotus Blossom, revealing a custom Chrysalis backdoor and three distinct infection chains.
Chinese APT adds clipboard monitoring, browser stealing, and enhanced plugins to its long-running backdoor. Government entities in Asia remain primary targets.
AsyncOS fixes released for CVE-2025-20393 after weeks of active exploitation. Compromised appliances require full rebuild to remove persistent backdoors.
Huntress researchers discover 'MAESTRO' toolkit exploiting three VMware vulnerabilities. Attackers chained SonicWall VPN access with hypervisor escape to deploy persistent backdoors.
Chinese APT uses stolen certificate to sign malicious driver that disables security tools. First documented case of TONESHELL delivered via kernel-mode loader.