China‑linked APTs target Asian governments, Poland, journalists and activists

Colleagues, a major campaign by China‑linked APTs has been uncovered targeting Asian governments, Poland, journalists and activists.
- Trend Micro: SHADOW‑EARTH‑053 exploits N‑day vulnerabilities in Microsoft Exchange and IIS, deploys the Godzilla web shell and installs ShadowPad via DLL sideloading.
- Operators use tunneling, Mimikatz for privilege escalation, and custom RDP/SMB tools; the primary vector is internet‑exposed IIS/Exchange.
- Citizen Lab: GLITTER CARP and SEQUIN CARP phishing campaigns target journalists and diaspora, employing adversary‑in‑the‑middle (AiTM) techniques, tracking pixels and credential theft.
Why this matters: urgently patch Exchange/IIS and deploy IPS/WAF or virtual patching.
What measures are you taking to protect your infrastructure?
#cybersecurity #APT #phishing #vulnerability

