Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

APT32 Targets Chinese Cybersecurity

April 10, 2025
Reading Time: 2 mins read
in Alerts
SSRF Exploits Target AWS EC2 Instances

APT32, also known as OceanLotus, has launched a sophisticated cyberattack using GitHub to target Chinese cybersecurity professionals. The attack, identified by the ThreatBook Research and Response Team, began in mid-September 2024 and spread across various Chinese industries. APT32’s innovative use of GitHub and Visual Studio project tools marks a significant escalation in their tactics. The attackers embedded a malicious .suo file within a project, triggering execution upon compilation and deleting it to avoid detection.

The attacker, posing as a security researcher from a Chinese FinTech company, created a GitHub account under the name 0xjiefeng in October 2024.

This account forked multiple security tool projects, embedding backdoored Cobalt Strike plugins within the code. The attacker used a deceptive narrative to attract targets within the Chinese cybersecurity community, leveraging their trust in GitHub repositories and development environments like Visual Studio. The malicious code execution was triggered automatically when the project files were opened in Visual Studio.

The attack’s spread was amplified by Chinese blogs and platforms that unknowingly shared the backdoored projects, leading to a wider reach within the community. The attacker cleverly used machine translations to craft descriptions and instructions in Chinese, making the bait more enticing for the target audience. By embedding malicious code in Visual Studio project settings, the attack exploited the automatic loading of these tools to grant remote control over compromised systems.

This tactic allowed the attackers to steal intelligence and control large technology enterprises and cybersecurity research groups in China.

This incident highlights the evolving tactics of APT32 and other state-sponsored actors, who are now weaponizing trusted development tools like GitHub and Visual Studio. The attack underlines the vulnerability of even the most trusted platforms in the face of advanced persistent threats. Cybersecurity professionals and organizations must remain vigilant, updating their systems and tools and implementing robust threat detection measures to prevent similar attacks in the future.

Reference:
  • APT32 Uses GitHub to Launch Poisoning Attack on Chinese Cybersecurity Experts
Tags: April 2025Cyber AlertsCyber Alerts 2025CyberattackCybersecurity
ADVERTISEMENT

Related Posts

FBI Seizes Multiple Game Piracy Sites

XORIndex Malware DPRK npm Attack

July 15, 2025
FBI Seizes Multiple Game Piracy Sites

NCC Urges Windows 11 Upgrade Cyber Defenses

July 15, 2025
FBI Seizes Multiple Game Piracy Sites

FBI Seizes Multiple Game Piracy Sites

July 15, 2025
Wing FTP Server RCE Flaw Exploited

WinRAR Zero-Day Exploit $80K on Dark Web

July 14, 2025
Wing FTP Server RCE Flaw Exploited

Google Gemini Flaw Hijacks Email Summaries

July 14, 2025
Wing FTP Server RCE Flaw Exploited

Wing FTP Server RCE Flaw Exploited

July 14, 2025

Latest Alerts

NCC Urges Windows 11 Upgrade Cyber Defenses

FBI Seizes Multiple Game Piracy Sites

XORIndex Malware DPRK npm Attack

WinRAR Zero-Day Exploit $80K on Dark Web

Google Gemini Flaw Hijacks Email Summaries

Wing FTP Server RCE Flaw Exploited

Subscribe to our newsletter

    Latest Incidents

    Elmo Impersonator Posts Antisemitic Content

    PET Imaging Phishing Attack Hits

    Louis Vuitton Data Breach Global Impact

    Supermarket Cyberattack Prompts Warning

    China Hacker Suspected in DC Law Firm Breach

    nius.de Cyberattack Leaks User Data

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial