Nation-State Chinese Hackers Target Medical, Military, and AI Research in North America Google’s Threat Intelligence Group has been tracking the cyberespionage group as UNC6508 since early 2025. Eduard KovacsJune 15, 2026
Malware & Threats Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns Salt Typhoon has hit an energy entity in Azerbaijan. Twill Typhoon has targeted Asian entities with an updated RAT. Ionut ArghireMay 14, 2026
Nation-State Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking The cybersecurity firm has not explicitly accused China of being behind the attack, but the evidence suggests it was. Eduard KovacsMay 7, 2026
Malware & Threats China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks Dubbed GopherWhisper, the group relies on multiple Go-based backdoors alongside custom loaders and injectors. Ionut ArghireApril 25, 2026
Nation-State Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure The state-sponsored threat actor deployed kernel implants and passive backdoors enabling long-term, high-level espionage. Ionut ArghireMarch 26, 2026
Nation-State China-Linked Hackers Hit Asian Militaries in Patient Espionage Operation The state-sponsored hackers deployed custom tools and stayed dormant in the compromised environments for months. Ionut ArghireMarch 16, 2026
Malware & Threats Google Disrupts Chinese Hackers Targeting Telecoms, Governments The UNC2814 threat actor has been active since at least 2017, targeting organizations across 42 countries. Eduard KovacsFebruary 25, 2026
Nation-State Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs The vulnerability in TeamT5 ThreatSonar Anti-Ransomware was recently added to CISA’s KEV catalog. Eduard KovacsFebruary 24, 2026
Malware & Threats Dell RecoverPoint Zero-Day Exploited by Chinese Cyberespionage Group GTIG and Mandiant said the zero-day tracked as CVE-2026-22769 has been exploited by UNC6201 since at least 2024. Eduard KovacsFebruary 18, 2026
Malware & Threats Singapore: Rootkits, Zero-Day Used in Chinese Attack on Major Telecom Firms China-linked UNC3886 targeted all four major telecom providers, but did not disrupt services or access customer information. Ionut ArghireFebruary 10, 2026
Malware & Threats Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries Palo Alto Networks has not attributed the APT activity to any specific country, but evidence points to China. Eduard KovacsFebruary 5, 2026
Malware & Threats Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit The threat actor uses a signed driver file containing two user-mode shellcodes to execute its ToneShell backdoor. Ionut ArghireDecember 30, 2025
Cyberwarfare UK Government Acknowledges It Is Investigating Cyber Incident After Media Reports The British government is investigating a “cyber incident” following news reports that hackers linked to China have gained access to thousands of confidential documents. Associated PressDecember 22, 2025
Malware & Threats Chinese APT ‘LongNosedGoblin’ Targeting Asian Governments The hacking group has been using Group Policy to deploy cyberespionage tools on governmental networks. Ionut ArghireDecember 19, 2025
Malware & Threats China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear The critical zero-day is tracked as CVE-2025-20393 and it impacts Secure Email Gateway and Secure Email and Web Manager appliances. Eduard KovacsDecember 18, 2025
Malware & Threats Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery Google has also mentioned seeing React2Shell attacks conducted by Iranian threat actors. Eduard KovacsDecember 15, 2025
Malware & Threats US Organizations Warned of Chinese Malware Used for Long-Term Persistence Warp Panda has been using the BrickStorm, Junction, and GuestConduit malware in attacks against US organizations. Ionut ArghireDecember 5, 2025
Malware & Threats Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks APT24 has been relying on various techniques to drop the BadAudio downloader and then deploy additional payloads. Ionut ArghireNovember 21, 2025
Nation-State Over 50,000 Asus Routers Hacked in ‘Operation WrtHug’ A Chinese threat actor is exploiting known vulnerabilities in discontinued Asus devices in an Operational Relay Box (ORB) facilitation campaign. Ionut ArghireNovember 20, 2025
Artificial Intelligence Anthropic Says Claude AI Powered 90% of Chinese Espionage Campaign A state-sponsored threat actor manipulated Claude Code to execute cyberattacks on roughly 30 organizations worldwide. Ionut ArghireNovember 14, 2025