China-linked Actors Maintain Focus on Organizations Influencing U.S. Policy

Nov. 7, 2025, 9:45 a.m.

Description

Chinese threat actors continue to target U.S. organizations involved in policy issues. A recent intrusion into a non-profit organization active in influencing U.S. government policy on international matters occurred in April 2025. The attackers, likely Chinese-based, used various techniques to establish persistence and maintain long-term network access. They employed DLL sideloading, legitimate tools for malicious purposes, and attempted to compromise domain controllers. The attack chain included mass scanning, network reconnaissance, and the use of tools previously linked to Chinese groups like Space Pirates, Kelp, and APT41. This activity reflects China's ongoing interest in monitoring and influencing U.S. policy, particularly in the current geopolitical climate.

Tags
espionage
china
persistence
CVE-2021-44228
dll sideloading
apt41
CVE-2017-9805
2025-11-07
dcsync
CVE-2022-26134
CVE-2017-17562
deed rat
policy influence
domain controllers
space pirates
kelp

Date

  • Created: Nov. 7, 2025, 9:04 a.m.
  • Published: Nov. 7, 2025, 9:04 a.m.
  • Modified: Nov. 7, 2025, 9:45 a.m.

Indicators

  • f52b86b599d7168d3a41182ccd89165e0d1f2562aa7363e0718d502b7e3fcb69
  • dae63db9178c5f7fb5f982fbd89683dd82417f1672569fef2bbfef83bec961e2
  • 6f7f099d4c964948b0108b4e69c9e81b5fc5ff449f2fa8405950d41556850ed9
  • 51ffcff8367b5723d62b3e3108e38fb7cbf36354e0e520e7df7c8a4f52645c4d
  • e356dbd3bd62c19fa3ff8943fc73a4fab01a6446f989318b7da4abf48d565af2
  • 99a0b424bb3a6bbf60e972fd82c514fd971a948f9cedf3b9dc6b033117ecb106
  • http://38.180.83.166/6CDF0FC26CDF0FC2
Download all indicators here!

Attack Patterns

  • Dcsync
  • Deed RAT
  • APT41

Additional Informations

  • NGO
  • Government
  • China
  • United States of America

Linked vulnerabilities

CVE-2017-17562

None
Published:

CVE-2017-9805

None
Published:

CVE-2021-44228

None
Published:

CVE-2022-26134

None
Published: