Threat Research

    The Notepad++ supply chain attack exploited a compromised update infrastructure to deliver malicious updates through multiple, constantly rotating execution chains, C2 servers, and payloads....
    Since early 2025, China’s presence in the Indo-Pacific has become increasingly assertive. Activities have ranged from heightened maritime tensions to acting as a peace broker for Myanmar’s junta. More recently, espionage efforts have targeted joint Philippine naval exercises with the US, Australia, Canada, and New Zealand....
    The Earth Kurma APT campaign targets government and telecommunications sectors in Southeast Asia, particularly in the Philippines, Vietnam, Thailand, and Malaysia. This sophisticated attack uses advanced malware, including custom rootkits and cloud storage for data exfiltration....
    Lotus Blossom (aka Spring Dragon, Billbug, Thrip) is an espionage group active since 2012. Our assessment links the group's campaigns through shared TTPs, backdoors, and victim profiles. Since at least 2016, Lotus Blossom has used the Sagerunex backdoor, increasingly leveraging persistent command shells and evolving new Sagerunex variants....
    Stately Taurus is our designation for a China-based cyberespionage group first identified in 2017, with potential activity dating back to 2012. Recently, it has targeted government and military entities in Myanmar, Nepal, the Philippines, and Sri Lanka. A file disguised as CCleanerReactivator has been linked to PubLoad malware infections....