Key Findings China-linked hackers targeted a U.S. non-profit organization in a long-term espionage campaign. The group gained access to the network for several weeks in April 2025 and used various techniques to establish persistence and maintain long-term access. The attackers leveraged DLL sideloading via the vetysafe.exe application, a tactic commonly associated with China-linked APT groups such as Space Pirates, Kelp, and Earth Longzhi (a subgroup of APT41). The group also
