Threat Research

    PlushDaemon is a China-aligned espionage group active since at least 2018, targeting entities in China, Taiwan, Hong Kong, Cambodia, South Korea, the United States, and New Zealand....
    A recent intrusion beginning in August 2025 revealed China-nexus threat actors using a technique called log poisoning to deploy a China Chopper web shell on vulnerable web servers. The attackers used AntSword for control and introduced a lesser-known tool, Nezha, to run commands and later deploy Ghost RAT. This marks the first known use of Nezha in web compromises....
    A new wave of SquidLoader malware is actively targeting financial institutions in Hong Kong. This advanced malware demonstrates strong evasion techniques, showing near-zero detection on VirusTotal during analysis. SquidLoader’s attack chain leads to the deployment of a Cobalt Strike Beacon, enabling remote access and control....
    Lotus Blossom (aka Spring Dragon, Billbug, Thrip) is an espionage group active since 2012. Our assessment links the group's campaigns through shared TTPs, backdoors, and victim profiles. Since at least 2016, Lotus Blossom has used the Sagerunex backdoor, increasingly leveraging persistent command shells and evolving new Sagerunex variants....