ALL POSTS
BadAudio malware: How APT24 scaled its cyberespionage through supply chain attacks
Key Findings: China-linked APT24 group used supply-chain attacks and multiple techniques over three years to deploy the BadAudio downloader and additional malware payloads. The group shifted from broad web compromises to more advanced techniques targeting Taiwan, including repeated supply-chain attacks through a compromised marketing firm and spear-phishing attacks. BadAudio is a custom C++ first-stage downloader that pulls an AES-encrypted payload from a fixed C2 server and run
Nov 23, 2025 · 2 min read
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting ... and More
Key Findings: China-nexus threat actor APT24 (also called Pitty Tiger) has been using a previously undocumented malware called BADAUDIO in a nearly 3-year espionage campaign. The campaign has targeted organizations in Taiwan, leveraging tactics like strategic website compromises, supply chain attacks, and targeted phishing. BADAUDIO is a highly obfuscated C++ malware that serves as a first-stage downloader, capable of fetching and executing encrypted payloads from command-and-
Nov 21, 2025 · 2 min read

