"Google Threat Intelligence Group (GTIG) is tracking a long-running and adaptive cyber espionage campaign by APT24, a People's Republic of China (PRC)-nexus threat actor. Spanning three years, APT24 has been deploying BADAUDIO, a highly obfuscated first-stage downloader used to establish persistent access to victim networks.

While earlier operations relied on broad strategic web compromises to compromise legitimate websites, APT24 has recently pivoted to using more sophisticated vectors targeting organizations in Taiwan. This includes the repeated compromise of a regional digital marketing firm to execute supply chain attacks and the use of targeted phishing campaigns.

This report provides a technical analysis of the BADAUDIO malware, details the evolution of APT24's delivery mechanisms from 2022 to present, and offers actionable intelligence to help defenders detect and mitigate this persistent threat.

As part of our efforts to combat serious threat actors, GTIG uses the results of our research to improve the safety and security of Google’s products and users. Upon discovery, all identified websites, domains, and files are added to the Safe Browsing blocklist in order to protect web users across major browsers. We also conducted a series of victim notifications with technical details to compromised sites, enabling affected organizations to secure their sites and prevent future infections."

https://cloud.google.com/blog/topics/threat-intelligence/apt24-pivot-to-multi-vector-attacks

#CyberSecurity #China #WateringHole #APT24 #Badaudio #Phishing #Taiwan #MultiVectorAttacks

APT24's Pivot to Multi-Vector Attacks | Google Cloud Blog

PRC-nexus APT24 uses BADAUDIO malware in a persistent, multi-vector espionage campaign targeting Taiwan.

Google Cloud Blog

@ansuz writes about #SupplyChain / #WateringHole attacks:

"...check if you have a business relationship with the organization from which that component was sourced. If you do not, then it's not a supply chain attack because that software component did not come from a supplier"

https://cryptography.dog/blog/back-to-watering-holes/

#FOSS #OpenSource

Supply chains and watering holes

On the apparently subtle distinction between supply chains and watering holes

Day 6 of #30DaysWild

Very little time to spare today, so I haven't managed to get outdoors. I have been thinking about #nature though; more specifically, how best to support my #hedgehog visitor(s).

I'm going to go through the older crockery & those plant pots that moved home with me, and set up a mini #wildlife #wateringhole :)

Y'all gotta drink!

#DrinkLocal #Beer
View from the covered seating area at my local #PacificNorthwest #WateringHole neighborhood #Beergarden. They also sell produce, flowering baskets, and veggie #Garden starts.
Hidden Cameras Reveal Animal Behavioral Change at Watering Holes

Humans have a direct impact.

PetaPixel
"Malicious HWP Document Disguised as Reunification Education Support Application" published by Ahnlab. #Wateringhole, #DPRK, #CTI https://asec.ahnlab.com/en/86841/
Malicious HWP Document Disguised as Reunification Education Support Application - ASEC

On March 5, AhnLab SEcurity intelligence Center (ASEC) found a post recruiting students for a unification-related course, which included a link to download a malicious HWP document. At the time of analysis, there were download links for JPG, HWP, and DOC files at the bottom of the post. The HWP file among them was identified […]

ASEC
"Malicious Hangul Document Disguised as a Unification Education Application Form" published by Ahnlab. #Wateringhole, #DPRK, #CTI https://asec.ahnlab.com/ko/86762/
Malicious Hangul Document Disguised as a Unification Education Application Form - ASEC

On March 5, AhnLab SEcurity intelligence Center (ASEC) identified a link that downloads a malicious Hangul (HWP) document in a post recruiting students for a unification-related course. At the time of analysis, there were download links for JPG, HWP, and DOC files at the bottom of the post; the HWP file among them was confirmed to be a malicious file disguised as an application form. Figure 1. Download links at the bottom of the post. Download […]

ASEC
"Kimsuky Group's Watering Hole Attack: Beware of Malicious Files Disguised as Unification Education Application Forms" published by ESTSecurity. #Kimsuky, #Wateringhole, #DPRK, #CTI https://blog.alyac.co.kr/5534
Kimsuky Group's Watering Hole Attack: Beware of Malicious Files Disguised as Unification Education Application Forms

Hello, this is the ESTsecurity Security Response Center (ESRC). A watering hole attack using an application form file for a unification education program hosted by a well-known domestic university has been discovered, and those involved should exercise particular caution. What is a watering hole attack? It is a technique in which malware is planted in advance on a website the target frequently visits, and the attacker waits for the target to connect and then infects them. The method is highly dangerous in that it can efficiently infect targets who visit a specific website. In this attack, a malicious application form document was uploaded to a notice post written to recruit students for a unification education program, so that users who visit the site to apply for the course download and run the application form file and are infected by the malicious file..

ESTsecurity Alyac Blog

@amelie the 7” of ‘On My Radio’ was still in a functioning juke box in my local pub in the early-mid 90s (every other pub had upgraded to CD at the time). With Too Much Pressure as the B-side, we used to go ape-shit when both if not ‘Too Much’ came on. No one can/ could resist moving to that in some capacity after a few liveners 🍷🥳🔊

7 songs for 50p! #Vinyl #JukeBox #WateringHole #90s