Operation TaxShadow: Multi-Region Tax Phishing & In-Memory Malware Campaign
A sophisticated multi-stage malware campaign targets victims through tax-themed phishing emails impersonating Indian and Japanese government authorities. The operation leverages social engineering, fraudulent tax notifications, and trusted third-party email delivery services to distribute ZIP archives containing three staged payloads. The malware implements advanced evasion techniques including DLL Search Order Hijacking, API hooking, token manipulation, Mersenne Twister-based execution logic, COM callback execution, mutated RC4 encryption, and reflective PE loading. Execution occurs primarily in memory, significantly reducing forensic artifacts. The malware establishes persistent WebSocket-based command-and-control communication through HTTP protocol upgrades, allowing malicious traffic to blend with legitimate activity. Chinese-language artifacts were observed throughout the infrastructure and code, though attribution remains at moderate confidence. The campaign demonstrates characteristics of a mature, ...
Pulse ID: 6a2201a401cb916346d57934
Pulse Link: https://otx.alienvault.com/pulse/6a2201a401cb916346d57934
Pulse Author: AlienVault
Created: 2026-06-04 22:52:20
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Chinese #CyberSecurity #Email #Encryption #Government #HTTP #ICS #India #InfoSec #Japan #Malware #OTX #OpenThreatExchange #Phishing #RAT #Rust #SocialEngineering #ZIP #bot #AlienVault