Chinese APTs Hacking Asian Orgs With High-End Malware
Advanced persistent threat (APT) groups have deployed new cyber weapons against a variety of targets, highlighting the increasing threats to the region.
An advanced persistent threat is a stealthy, long-term intrusion that maintains access to systems to steal data or disrupt operations.
Search across headline titles and summaries.
Background for this topic.
Advanced Persistent Threat describes a prolonged and targeted cyber intrusion where attackers maintain covert access to a network over extended periods. These intrusions often use customized malware, spear-phishing, and exploitation of specific vulnerabilities to avoid detection and sustain control. The focus is typically on intelligence collection, data theft, or strategic disruption rather than immediate financial gain.
For defenders, APTs pose significant challenges due to their stealth and adaptability, often bypassing traditional security tools. Effective defense involves continuous monitoring for unusual activity, timely patching of vulnerabilities exploited by these actors, and leveraging threat intelligence to recognize known intrusion patterns. Early identification and containment are crucial to limit damage and prevent persistent unauthorized access.
Advanced persistent threat (APT) groups have deployed new cyber weapons against a variety of targets, highlighting the increasing threats to the region.
Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft
PeckBirdy command-and-control framework targeting gambling, government sectors in Asia since 2023 has been linked to China-aligned APTs
Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple environments
Researchers attributed the failed attempt to the infamous Russian APT Sandworm, which is notorious for wiper attacks on critical infrastructure organizations.
Signs Point to Long-Active 'Sandworm' Military Intelligence Hackers at WorkRussian cyberattacks in late December 2025 that attempted to disrupt Poland's power grid have been attributed to "Sandworm," the codename for an advanced persistent threat group tied to a Moscow military intelligence unit that repeatedly uses wiper malware, including in these attacks.
A destructive cyber attack targeting Poland’s energy sector has been linked to Russian APT group Sandworm
PeckBirdy is a sophisticated JScript-based C&C framework used by China-aligned APT groups to exploit LOLBins across multiple environments, delivering advanced backdoors to target gambling industries and Asian government entities.