China-Linked APT Expands Proxy Network With New Malware
Cisco Talos said China-linked APT UAT-7810 is growing its proxy relay network with new malware
An advanced persistent threat is a stealthy, long-term intrusion that maintains access to systems to steal data or disrupt operations.
Search across headline titles and summaries.
Background for this topic.
Advanced Persistent Threat describes a prolonged and targeted cyber intrusion where attackers maintain covert access to a network over extended periods. These intrusions often use customized malware, spear-phishing, and exploitation of specific vulnerabilities to avoid detection and sustain control. The focus is typically on intelligence collection, data theft, or strategic disruption rather than immediate financial gain.
For defenders, APTs pose significant challenges due to their stealth and adaptability, often bypassing traditional security tools. Effective defense involves continuous monitoring for unusual activity, timely patching of vulnerabilities exploited by these actors, and leveraging threat intelligence to recognize known intrusion patterns. Early identification and containment are crucial to limit damage and prevent persistent unauthorized access.
Weekly headline count for the current query.
Cisco Talos said China-linked APT UAT-7810 is growing its proxy relay network with new malware
ESET’s 2026 APT Activity Report suggests China-backed APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globe
China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research
Rapid7 reveals an Iranian false flag operation masquerading as a Chaos ransomware attack
ESET warns that North Korean hackers compromised a Yanbian gaming site in a supply‑chain attack, trojanizing Windows and Android software to spy on users
A spear-phishing campaign which spread across the Middle East between 2023 and 2024 has now been linked to Bitter APT group
Mandiant reveals campaign featuring exploit of a CVSS 10.0 CVE in Dell RecoverPoint for Virtual Machines
PeckBirdy command-and-control framework targeting gambling, government sectors in Asia since 2023 has been linked to China-aligned APTs
A destructive cyber attack targeting Poland’s energy sector has been linked to Russian APT group Sandworm
The FBI says North Korea’s Kimsuky APT group is using QR codes in spear phishing campaigns
A new cyber-attack has been observed exploiting Google Find Hub to remotely wipe Android devices, linked to North Korean APTs
Bitdefender said the sophisticated multi-stage operation allowed attackers to maintain persistent access and steal sensitive data from a Philippines military company
Silver Fox APT abuses Microsoft-signed drivers to kill antivirus and deploy ValleyRAT remote-access backdoor
Cisco Talos observed the newly identified group compromise a Taiwanese web hosting provider to conduct a range of malicious activities
New samples of DCHSpy, a spyware implant linked to Iranian APT group MuddyWater, were detected by Lookout one week after the start of the Israel-Iran conflict
DoNot APT, also known as APT-C-35, traditionally operates exclusively in South Asia
Researchers at ESET observed strengthened cyber-offensive activity from Russian groups, especially against Ukrainian and European entities
The FishMonger APT Group has been linked with I-SOON, targeting governments, NGOs and think tanks in cyber-espionage campaigns
Europe is hit hard as geopolitics drives increase in state-backed APT and hacktivist activity
PlushDaemon APT hacked South Korean VPN software with SlowStepper backdoor as part of a 2023 espionage campaign