top of page
ALL POSTS
China-Linked TA4922 Hackers Deploy SilentRunLoader Malware Against UK and European Targets
Key Findings TA4922, a suspected China-aligned cybercrime group, has expanded operations from East Asia to target organisations in the UK, Germany, Italy, and South Africa The group uses locally-tailored phishing emails impersonating tax authorities, benefits services, and government agencies to increase open rates SilentRunLoader, a new Python-based malware likely developed with LLM assistance, steals Chrome credentials, cookies, and browsing data TA4922 employs a diverse to
Jun 32 min read
Hidden VMs: How Hackers Leverage QEMU to Steal Data and Spread Malware Stealthily
Key Findings Sophos researchers identified a significant uptick in threat actors using QEMU, an open-source emulator, to hide malware in virtual machines and evade detection Two distinct campaigns since late 2025 leverage QEMU for defense evasion: STAC4713 linked to PayoutsKing ransomware and STAC3725 exploiting CitrixBleed2 Attackers use hidden VMs to maintain long-term access, steal credentials and data, deploy ransomware, and leave minimal forensic traces on host systems T
Apr 183 min read
bottom of page
