Daniel Kuhl ✌🏻☮️☕️Dec 24

#CheckPoint Research revealed a sophisticated wave of attacks attributed to the Chinese #threat actor #InkDragon, which targets European governments while continuing campaigns in Southeast Asia and South America. The threat actor converts compromised #IIS servers into relay nodes with #ShadowPad, exploits predictable configuration keys for access, and deploys a new #FinalDraft #backdoor for exfiltration and lateral movement.

https://research.checkpoint.com/2025/ink-dragons-relay-network-and-offensive-operation/

Ink Dragon's Relay Network and Stealthy Offensive Operation

Key Findings Introduction Check Point Research tracks a sustained, highly capable espionage cluster, which we refer to as Ink Dragon, and is referenced in other reports as CL-STA-0049, Earth Alux, or REF7707. This cluster is assessed by several vendors to be PRC-aligned. Since at least early 2023, Ink Dragon has repeatedly targeted government, telecom, and […]

Check Point Research
The Threat CodexDec 16
Inside Ink Dragon: Revealing the Relay Network and Inner Workings of a Stealthy Offensive Operation
#InkDragon #ShadowPad #CDBLoader #LalsDumper #FINALDRAFT
https://research.checkpoint.com/2025/ink-dragons-relay-network-and-offensive-operation/
Ink Dragon's Relay Network and Stealthy Offensive Operation

Key Findings Introduction Check Point Research tracks a sustained, highly capable espionage cluster, which we refer to as Ink Dragon, and is referenced in other reports as CL-STA-0049, Earth Alux, or REF7707. This cluster is assessed by several vendors to be PRC-aligned. Since at least early 2023, Ink Dragon has repeatedly targeted government, telecom, and […]

Check Point Research