ALL POSTS
UAT-10362 LucidRook Campaigns Target Taiwan-Based Institutions and NGOs Through Spear-Phishing
Key Findings: UAT-10362, a sophisticated threat actor, conducted targeted spear-phishing campaigns against Taiwanese NGOs and universities starting in October 2025. LucidRook, a Lua-based malware stager, was delivered through password-protected RAR and 7-Zip archives with decryption passwords included in phishing emails. Two distinct infection chains were identified: one using Windows Shortcut files and another using .NET executables masquerading as antivirus software. Both chain
7 days ago · 4 min read
BadAudio malware: How APT24 scaled its cyberespionage through supply chain attacks
Key Findings: China-linked APT24 group used supply-chain attacks and multiple techniques over three years to deploy the BadAudio downloader and additional malware payloads. The group shifted from broad web compromises to more advanced techniques targeting Taiwan, including repeated supply-chain attacks through a compromised marketing firm and spear-phishing attacks. BadAudio is a custom C++ first-stage downloader that pulls an AES-encrypted payload from a fixed C2 server and run
Nov 23, 2025 · 2 min read
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting ... and More
Key Findings: China-nexus threat actor APT24 (also called Pitty Tiger) has been using a previously undocumented malware called BADAUDIO in a nearly 3-year espionage campaign. The campaign has targeted organizations in Taiwan, leveraging tactics like strategic website compromises, supply chain attacks, and targeted phishing. BADAUDIO is a highly obfuscated C++ malware that serves as a first-stage downloader, capable of fetching and executing encrypted payloads from command-and-
Nov 21, 2025 · 2 min read
