Chinese APT Group Uses Military-Grade Fileless Malware in Espionage Campaign

A sophisticated Chinese Advanced Persistent Threat (APT) group has been identified deploying military-grade fileless malware in a recent espionage campaign targeting government and defense sectors. This stealthy attack leverages fileless techniques to evade traditional detection methods, operating directly in memory without leaving traces on the hard drive. The campaign highlights the increasing use of advanced cyber tools by state-sponsored actors to conduct covert surveillance and data exfiltration. Security experts emphasize the importance of enhanced endpoint detection and response (EDR) solutions to combat such threats. Organizations in critical infrastructure and defense industries are urged to adopt proactive cybersecurity measures, including continuous monitoring, threat intelligence sharing, and employee awareness training to mitigate risks posed by fileless malware attacks. This incident underscores the evolving landscape of cyber warfare where sophisticated APT groups exploit cutting-edge technologies to achieve strategic objectives while minimizing their digital footprint.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 11 Sep 2025 12:50:03 +0000

Cyber News related to Chinese APT Group Uses Military-Grade Fileless Malware in Espionage Campaign

Fileless vs Traditional Malware: Key Differences and Defense Strategies - Fileless malware represents a sophisticated evolution in cyber threats, differing fundamentally from traditional malware in its method of operation and detection challenges. Unlike traditional malware, which relies on malicious files stored on a ...
2 months ago Cybersecuritynews.com APT29 FIN7

Chinese APT Group Uses Military-Grade Fileless Malware in Espionage Campaign - A sophisticated Chinese Advanced Persistent Threat (APT) group has been identified deploying military-grade fileless malware in a recent espionage campaign targeting government and defense sectors. This stealthy attack leverages fileless techniques ...
3 months ago Infosecurity-magazine.com Chinese APT Group

Chinese hacking documents offer glimpse into state surveillance - Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation's top policing agency and other parts of its government - a trove that catalogs apparent hacking ...
1 year ago Apnews.com

Chinese hackers infect Dutch military network with malware - A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service of the Netherlands. Despite backdooring the hacked systems, the ...
1 year ago Bleepingcomputer.com CVE-2022-42475

Cybersecurity Crisis Looms: FBI Chief Unveils Chinese Hackers' Plan to Target US Infrastructure - As the head of the FBI pointed out Wednesday, Beijing was positioning itself to disrupt the daily lives of Americans if there was ever a war between the United States and China if it were to plant malware to damage civilian infrastructure. U.S. ...
1 year ago Cysecurity.news Volt Typhoon

Top 10 Best Dynamic Malware Analysis Tools in 2025 - FireEye Malware AnalysisEnterprise-grade solution, zero-day detection, integration with threat intelligence, memory forensics.Enterprise-grade malware detection and forensicsPricing details not publicly available; contact for quote.Yes6. Detux ...
9 months ago Cybersecuritynews.com

Sandman APT Gains Traction: Chinese Hackers Amplify Cybersecurity Risks - Following this assessment, SentinelOne, PwC, and Microsoft Threat Intelligence have been working together on this since they have determined that the adversary's Lua-based malware, LuaDream, and the KEYPLUG have both been found to cohabit in the ...
2 years ago Cysecurity.news APT41

What is an advanced persistent threat? - An advanced persistent threat is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period. APT attacks are initiated to steal highly sensitive data rather than cause damage to ...
2 years ago Techtarget.com Cozy Bear APT29

Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
1 year ago Pandasecurity.com

FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
1 year ago Bleepingcomputer.com Fancy Bear APT28 Turla Volt Typhoon

Uncovering Chinas Surveillance of the United States Spies Hackers and Informants - Last week, a Chinese surveillance balloon in the United States caused a diplomatic uproar and raised concerns about how Beijing collects intelligence on its biggest rival. FBI Director Christopher Wray said in 2020 that Chinese spying is the most ...
2 years ago Securityweek.com Silence

CVE-2022-50280 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago

How Fileless Malware Works? - Analysis of Real Samples - Finally, we see inside the ANY.RUN sandbox that the attack uses InstallUtil.exe, another legitimate Windows tool, to execute the malicious payload in memory, keeping the entire operation fileless and stealthy. This is the real danger of fileless ...
8 months ago Cybersecuritynews.com

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence - North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. “Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a ...
1 year ago Securityaffairs.com Kimsuky

Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
1 year ago Securityboulevard.com Fancy Bear APT28 Volt Typhoon

Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
1 year ago Securelist.com

February 2024's Most Wanted Malware: WordPress Websites Targeted by Fresh FakeUpdates Campaign - Our latest Global Threat Index for February 2024 saw researchers uncover a fresh FakeUpdates campaign compromising WordPress websites. These sites were infected using hacked wp-admin administrator accounts, with the malware adapting its tactics to ...
1 year ago Blog.checkpoint.com

The SFPD's Intended Purchase of a Robot Dog Triggers Board of Supervisors' Oversight Obligations - The San Francisco Police Department wants to get a robot quadruped, popularly known as a robot dog. The city's Board of Supervisors has a regulatory duty to probe into this intended purchase, including potentially blocking it altogether. The SFPD ...
1 year ago Eff.org

Philippines military company suspected of China espionage using Eggstreme malware - A recent cybersecurity investigation has uncovered that a military company in the Philippines is suspected of being targeted by Chinese espionage activities involving the Eggstreme malware. This sophisticated malware campaign highlights the ongoing ...
3 months ago Therecord.media Chinese state-sponsored threat actors

Qbot malware returns in campaign targeting hospitality industry - The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer. In August, a multinational law enforcement operation called Operation Duck Hunt accessed the QakBot admin's ...
2 years ago Bleepingcomputer.com

PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
1 year ago Securityintelligence.com

State-Sponsored APT Groups Use Ransomware Tactics for Intelligence Gathering and Sabotage - State-sponsored threat groups are increasingly using ransomware-like tactics to hide more insidious activities. Russian APT group Sandworm has used ransomware programs to destroy data multiple times in the past six months, while North Korea's Lazarus ...
2 years ago Csoonline.com Andariel APT3 APT37 APT38 Kimsuky Lazarus Group BianLian

Chinese APT Group Targets IT Service Provider in Recent Cyber Espionage Campaign - A recent cyber espionage campaign has been uncovered involving a Chinese Advanced Persistent Threat (APT) group targeting an IT service provider. This attack highlights the increasing sophistication and persistence of state-sponsored threat actors in ...
2 months ago Cybersecuritynews.com Chinese APT Group

Ukraine Military Targeted With Russian APT PowerShell Attack - A sophisticated Russian advanced persistent threat has launched a targeted PowerShell attack campaign against the Ukrainian military. The attack is most likely perpetrated by malicious threat actors related to Shuckworm, a group with a history of ...
1 year ago Darkreading.com