A recent cyberattack attributed to China-based threat actors demonstrated their commitment to infiltrating U.S. organizations that shape international policy. In April 2025, attackers exploited vulnerabilities such as CVE-2022-26134 and CVE-2021-44228 to gain access and establish long-term control over a U.S. non-profit organization. The attackers utilized advanced evasion techniques and targeted critical infrastructures to maintain their foothold for several weeks.
Forensic analysis identified links to established Chinese threat groups, including APT41 and subgroups like Space Pirates. The attackers employed DLL sideloading as their primary method for ensuring persistent access, leveraging legitimate software components to execute their malicious payloads. By creating scheduled tasks with SYSTEM privileges and utilizing command-and-control servers, the attackers displayed significant technical competence and resourcefulness in bypassing security measures, underscoring growing threats against U.S. policy institutions.
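As an added illustration (not code from the original article or from the reported investigation), the Python triage heuristic below scans constructed, Sysmon-style telemetry for the two persistence shapes the summary names: a signed executable sideloading an unsigned DLL from its own non-standard directory, and a scheduled task created to run as SYSTEM whose action lives outside trusted install locations. Field names, sample paths and the trusted-directory list are assumptions for the example.

```python
from pathlib import PureWindowsPath

# Assumed "normal" install locations; anything else is treated as a staging directory.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def in_trusted_dir(path: str) -> bool:
    return path.lower().startswith(TRUSTED_DIRS)

def sideload_candidate(ev: dict) -> bool:
    """Image-load record: a signed host EXE loading an unsigned DLL that sits
    beside it, outside a trusted directory, is the classic sideloading shape."""
    img = PureWindowsPath(ev["Image"])
    dll = PureWindowsPath(ev["ImageLoaded"])
    return (
        ev.get("Signed") == "true"            # host binary is legitimately signed
        and ev.get("LoadedSigned") != "true"  # the DLL it pulled in is not
        and img.parent == dll.parent          # DLL placed next to the EXE (search-order abuse)
        and not in_trusted_dir(str(img))      # and both live in an unusual location
    )

def suspicious_system_task(ev: dict) -> bool:
    """Task-creation record: runs as SYSTEM and its action points outside trusted dirs."""
    principal = ev.get("Principal", "").upper()
    return principal in ("SYSTEM", "NT AUTHORITY\\SYSTEM") and not in_trusted_dir(ev["Command"])

def triage(events: list[dict]) -> list[tuple[str, str]]:
    """Return (event id, finding) pairs for records matching either heuristic."""
    findings = []
    for ev in events:
        if ev["type"] == "ImageLoad" and sideload_candidate(ev):
            findings.append((ev["id"], "dll_sideload"))
        elif ev["type"] == "TaskCreate" and suspicious_system_task(ev):
            findings.append((ev["id"], "system_task"))
    return findings

# Constructed sample telemetry (not real logs from the incident).
SAMPLE_EVENTS = [
    {"id": "e1", "type": "ImageLoad", "Image": r"C:\Users\Public\Libs\vendor.exe", "Signed": "true",
     "ImageLoaded": r"C:\Users\Public\Libs\vendorhelper.dll", "LoadedSigned": "false"},
    {"id": "e2", "type": "ImageLoad", "Image": r"C:\Program Files\Vendor\vendor.exe", "Signed": "true",
     "ImageLoaded": r"C:\Program Files\Vendor\plugin.dll", "LoadedSigned": "false"},
    {"id": "e3", "type": "TaskCreate", "Principal": "SYSTEM", "Command": r"C:\Users\Public\Libs\vendor.exe"},
    {"id": "e4", "type": "TaskCreate", "Principal": "SYSTEM", "Command": r"C:\Windows\System32\svchost.exe"},
]

if __name__ == "__main__":
    for event_id, finding in triage(SAMPLE_EVENTS):
        print(f"{event_id}: {finding}")
```

These checks are a triage filter, not proof: a flagged pair still needs the DLL hashed and the task's XML reviewed before escalation.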
👉 Read the original: Cyber Security News