APT24 Pivot to Multi-Vector Attacks
Nov. 21, 2025, 3:02 p.m.
Description
APT24, a Chinese threat actor, has conducted a three-year cyber espionage campaign using BADAUDIO, a highly obfuscated first-stage downloader. The group has evolved from broad strategic web compromises to more sophisticated tactics, including supply chain attacks and targeted phishing. They compromised a Taiwanese digital marketing firm, affecting over 1,000 domains. APT24 uses advanced techniques like control flow flattening, fingerprinting, and covert data exfiltration. The malware integrates with Cobalt Strike Beacon and employs DLL Search Order Hijacking for execution. The campaign demonstrates the actor's persistent and adaptive capabilities, highlighting the growing sophistication of Chinese cyber threats.
Tags
Date
- Created: Nov. 20, 2025, 7:42 p.m.
- Published: Nov. 20, 2025, 7:42 p.m.
- Modified: Nov. 21, 2025, 3:02 p.m.
Additional Information
- Defense
- Government
- Taiwan