Key Findings China-linked APT24 group used supply-chain attacks and multiple techniques over three years to deploy the BadAudio downloader and additional malware payloads The group shifted from broad web compromises to more advanced techniques targeting Taiwan, including repeated supply-chain attacks through a compromised marketing firm and spear-phishing attacks BadAudio is a custom C++ first-stage downloader that pulls an AES-encrypted payload from a fixed C2 server and run
