Threats Tagged 'china-nexus'
View all threats tagged with 'china-nexus'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'china-nexus'
Click on any threat for detailed analysis and mitigation recommendations
The Crown Prince, Nezha 0 Beginning in August 2025, a sophisticated intrusion was discovered where attackers used log poisoning techniques to deploy a web shell on vulnerable phpMyAdmin panels. The threat actors exploited misconfigured web applications to plant China Chopper web shells, controlled via AntSword, before deploying Nezha, an open-source monitoring tool, to facilitate remote command execution. This led to the deployment of Ghost RAT on compromised systems. Analysis revealed over 100 compromised machines, predominantly located in Taiwan, Japan, South Korea, and Hong Kong. The attackers demonstrated technical proficiency through multi-stage operations, utilizing AWS and VPS infrastructure, with indicators pointing to China-nexus threat actors. The campaign highlights increasing abuse of legitimate publicly available tools to achieve malicious objectives while maintaining plausible deniability. Join the discussion | AlienVault OTX General | 07/03/2026, 21:26:02 UTC Added: 07/06/2026, 09:21:27 UTC |
Operation DragonReturn: China-Nexus Cyber Espionage Campaign Targeting Govt. of India/MoF Tax Infrastructure via Multi-Stage DcRAT Deployment 0 A sophisticated China-aligned cyber espionage campaign targeting India's tax infrastructure was identified between May and June 2026. The operation impersonates the Income Tax Department, Ministry of Finance, exploiting the AY2026-27 ITR filing season to target corporate entities, tax professionals, chartered accountants, and taxpayers. The attack employs spear-phishing emails with malicious attachments mimicking legitimate government utilities. The multi-stage infection chain deploys DcRAT through steganographic payload concealment, fileless .NET execution, AMSI bypass, and Windows service persistence. The threat actor demonstrates operational maturity through active payload rotation achieving 0/66 detection rates, encrypted TLS-based C2 communications, and infrastructure hosted across multiple ASNs linked to China. The campaign shows overlaps with the China-nexus threat actor Silver Fox, featuring screen capture capabilities, data exfiltration, and systematic intelligence collection from high-value India... MediumMalware Join the discussion | AlienVault OTX General | 06/26/2026, 12:50:31 UTC Added: 06/26/2026, 17:57:21 UTC |
Public and Private Medical Community Targeted by Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research 0 A sophisticated espionage campaign attributed to UNC6508, a China-nexus threat actor, targeted North American academic, medical, and military research institutions for over a year. The adversary exploited REDCap servers, deployed custom INFINITERED malware to harvest credentials, and maintained persistent access through trojanized legitimate files that survived software upgrades. After remaining undetected for more than a year, the threat actor pivoted to administrative accounts and created malicious content compliance rules to silently exfiltrate emails containing defense intelligence, Indo-Pacific command operations, artificial intelligence research, uncrewed vehicle systems, cyber programs, and medical research data. The operation employed sophisticated techniques including obfuscation networks routing through US-based infrastructure, compromised routers, and dedicated exfiltration accounts, demonstrating advanced operational security aligned with strategic intelligence collection requirements. Join the discussion | AlienVault OTX General | 06/15/2026, 19:33:11 UTC Added: 06/16/2026, 11:30:21 UTC |
Showing 1 to 3 of 3 results