A new advanced malware framework called EggStreme was discovered during an attack on a Philippine military company, attributed to Chinese state-backed hackers. The multi-stage toolset enables espionage activities, including data theft, reconnaissance, and lateral movement, while evading traditional detection methods. #EggStreme #ChineseApt #PhilippineMilitary
Key points
- EggStreme is a multi-stage, fileless malware framework used for espionage.
- The core component, EggStremeAgent, facilitates reconnaissance, keystroke logging, and lateral movement.
- The malware runs largely in memory, which makes it hard to detect with file-based tooling, and it hides its presence behind legitimate Windows services.
- The attack campaign ran from April 2024 to June 2025, with signs that the threat actors were still testing the malware in September 2025.
- Bitdefender decided to publicize EggStreme due to its sophistication and resilience against defensive solutions.
Read More: https://therecord.media/philippines-military-company-suspected-china-espionage-eggstreme-malware