Striking Panda Attacks: APT31 Today
Nov. 27, 2025, 7:37 p.m.
Description
APT31, a Chinese cyber espionage group, has been actively targeting the Russian IT sector from 2024 to 2025, particularly companies working as contractors for government agencies. The group uses sophisticated tactics to remain undetected, including leveraging cloud services as command and control infrastructure and deploying new malware samples. APT31 demonstrates knowledge of target organizations' workflows, scheduling its attacks during holidays. The group uses a prepared script for lateral movement and has deployed new malware such as AufTime, COFFProxy, VtChatter, YaLeak, CloudyLoader and OneDriveDoor. It employs various persistence techniques, credential access methods, and data exfiltration tools. APT31 continues to evolve its toolkit while maintaining some older tools, which allows it to remain undetected in victim networks for years while extracting sensitive data.
Tags
Date
- Created: Nov. 27, 2025, 6:37 p.m.
- Published: Nov. 27, 2025, 6:37 p.m.
- Modified: Nov. 27, 2025, 7:37 p.m.
Indicators
Additional Information
- Technology
- Government
- Russian Federation