A China-linked threat actor known as APT24 has been using sophisticated malware called BADAUDIO to maintain persistent access to compromised networks through a campaign spanning nearly three years. The campaign includes supply chain attacks, web compromises, and spear-phishing, primarily targeting organizations in Taiwan and Southeast Asia. #APT24 #BADAUDIO
Key points
- APT24 is a China-nexus threat group engaging in long-term cyber espionage campaigns.
- The group has shifted from broad web compromises to targeted supply chain attacks and phishing.
- BADAUDIO is obfuscated malware that acts as a first-stage downloader and exfiltrates system data.
- The campaign involves compromising over 20 websites and injecting malicious JavaScript to serve BADAUDIO.
- Additional campaigns target Southeast Asian nations using exploit kits and DLL sideloading techniques.
Read More: https://thehackernews.com/2025/11/apt24-deploys-badaudio-in-years-long.html