TA415, a state-aligned Chinese threat actor, has launched spearphishing campaigns targeting U.S. government and academic organizations to gather economic intelligence. These operations use sophisticated impersonations and legitimate cloud services to establish covert remote access. #TA415 #WickedPanda
Key points
- TA415 conducted spearphishing attacks targeting U.S. institutions in July and August 2025.
- The campaigns impersonated prominent figures and organizations related to U.S.-China relations.
- Malicious payloads used legitimate developer tools and cloud services to maintain stealthy access.
- TA415 abused trusted platforms like Google Sheets, Google Calendar, and VS Code Remote Tunnels for command-and-control.
- The timing correlates with Chinese economic and trade negotiations, indicating strategic intelligence collection.
Read More: https://securityonline.info/the-silent-spy-how-chinese-hackers-are-exploiting-u-s-china-policy/