A Chinese-linked cyber espionage campaign targeted a U.S. nonprofit involved in foreign policy influence, using advanced persistence techniques and known malicious tools. The operation relied on legitimate Windows components for stealth and shared tactics with groups such as APT41 and Kelp. #ChineseEspionage #APT41 #SpacePirates
Key points
- The campaign focused on a U.S.-based nonprofit involved in U.S. foreign policy influence.
- Attackers began reconnaissance in early April 2025 with server scans and exploit testing.
- Persistence was maintained using Windows scheduled tasks and legitimate Microsoft utilities.
- DLL sideloading and the reuse of known malware components link the operation to Chinese APT groups such as Kelp and Earth Longzhi.
- The threat actors employed credential extraction tools and legitimate binaries to evade detection and deepen access.