China-Nexus APT Group Leverages DLL Sideloading Technique to Attack Government and Media Sectors

Source: Cyber Security News

This sophisticated cyber espionage campaign has been observed in regions around the South China Sea, targeting high-value government and media entities. The attackers use spear-phishing to deliver a malicious WinRAR archive and exploit CVE-2025-8088, a path traversal vulnerability, to start their multi-stage attack chain.

Following the initial compromise, the adversaries install a persistence script that downloads further payloads while posing as legitimate software. Notably, the campaign relies on DLL sideloading throughout its execution phases, abusing legitimate binaries from common tools such as OBS and Adobe Creative Cloud to hide its activity. Communication with command-and-control servers over HTTPS gives the operators full remote access, while XOR encryption makes the activity harder for security systems to detect.
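As an added illustration (not code from the article or from the campaign's tooling), the following hunting logic flags image-load events that match the sideloading pattern described above: a host program such as OBS or Adobe Creative Cloud loading an unsigned DLL from a user-writable location, or a copy of the host running out of the same user-writable directory as the DLL it loads. The log lines, the `Key=Value|Key=Value` record shape and the host-name fragments are constructed assumptions, not indicators from the report.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Host programs named in the article, matched by a name fragment because the
# exact abused binaries are not given (assumption).
HOST_HINTS = ("obs", "adobe")
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64", "c:\\windows\\winsxs")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")

@dataclass
class ImageLoad:
    image: str         # process that performed the load
    image_loaded: str  # DLL that was mapped into it
    signed: bool       # whether the DLL carried a valid signature

def parse_line(line: str) -> ImageLoad:
    """Parse one constructed, Sysmon-like image-load record (Key=Value|...)."""
    f = dict(kv.split("=", 1) for kv in line.strip().split("|"))
    return ImageLoad(f["Image"], f["ImageLoaded"], f["Signed"].lower() == "true")

def sideload_reasons(ev: ImageLoad) -> list[str]:
    """Return why a load looks like sideloading; an empty list means no finding."""
    img, dll = PureWindowsPath(ev.image), PureWindowsPath(ev.image_loaded)
    dll_l = str(dll).lower()
    if not any(h in img.name.lower() for h in HOST_HINTS):
        return []                      # not one of the abused host programs
    if dll_l.startswith(SYSTEM_DIRS):
        return []                      # OS DLL from a protected directory
    reasons = []
    in_writable = any(w in dll_l for w in USER_WRITABLE)
    if img.parent == dll.parent and in_writable:   # PureWindowsPath compares case-insensitively
        reasons.append("host and DLL sit together in a user-writable directory")
    if not ev.signed and in_writable:
        reasons.append("unsigned DLL loaded from a user-writable directory")
    return reasons

def find_sideload_candidates(log_text: str) -> list[str]:
    """Return the DLL paths of every record that triggers at least one reason."""
    return [ev.image_loaded for ev in map(parse_line, log_text.strip().splitlines())
            if sideload_reasons(ev)]

# Constructed sample records: one benign install, one OS DLL, one copied host,
# one unsigned DLL from ProgramData, and one load by a non-host process.
SAMPLE_LOG = r"""
Image=C:\Users\victim\AppData\Roaming\Updater\obs64.exe|ImageLoaded=C:\Users\victim\AppData\Roaming\Updater\placeholder.dll|Signed=false
Image=C:\Program Files\obs-studio\bin\64bit\obs64.exe|ImageLoaded=C:\Program Files\obs-studio\bin\64bit\placeholder.dll|Signed=true
Image=C:\Program Files\obs-studio\bin\64bit\obs64.exe|ImageLoaded=C:\Windows\System32\kernel32.dll|Signed=true
Image=C:\Program Files\Adobe\Creative Cloud\Adobe.exe|ImageLoaded=C:\ProgramData\Cache\placeholder.dll|Signed=false
Image=C:\Windows\explorer.exe|ImageLoaded=C:\Users\victim\AppData\Local\Temp\placeholder.dll|Signed=false
"""

if __name__ == "__main__":
    for hit in find_sideload_candidates(SAMPLE_LOG):
        print("sideload candidate:", hit)
```

Only the copied OBS host and the Adobe load of an unsigned DLL from ProgramData are flagged; signed DLLs in the vendor's install directory and OS DLLs from System32 are ignored.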

👉 Read the original: Cyber Security News