Threats Tagged 'healthkick'

In collaboration with the International Consortium of Investigative Journalists (ICIJ), two distinct actor clusters aligned with the People's Republic of China were identified targeting journalists and civil society members. GLITTER CARP conducted widespread credential harvesting campaigns against Uyghur, Tibetan, Taiwanese, and Hong Kong diaspora activists, as well as journalists covering these communities, employing digital impersonation and fake security alerts while frequently reusing infrastructure. SEQUIN CARP specifically targeted journalists involved in ICIJ's China Targets investigation using sophisticated OAuth consent phishing attacks with well-developed personas based on co-opted narratives, though operational mistakes revealed poor persona management. Both campaigns demonstrate China's Military-Civil Fusion system leveraging private contractors to conduct digital transnational repression at scale, with targeting intensifying following the China Targets publication that exposed Chinese governme...

Between March and June 2025, three Chinese state-sponsored threat actors conducted targeted phishing campaigns against the Taiwanese semiconductor industry. The campaigns targeted organizations involved in semiconductor manufacturing, design, testing, supply chain, and financial analysis. This activity likely reflects China's strategic priority to achieve semiconductor self-sufficiency and decrease reliance on international supply chains. The threat actors used various tactics including job application lures, investment collaboration pitches, and credential phishing. They deployed custom malware like Voldemort backdoor and HealthKick, as well as tools like Cobalt Strike. The targeting extended beyond semiconductor companies to include financial analysts specializing in the Taiwanese semiconductor market, indicating comprehensive intelligence collection efforts across the sector.

MediumCampaignGermanyFranceNetherlands+3#semiconductor#unk_droppitch#unk_sparkycarp