Threat Research

    China-nexus Threat Actor Targets Persian Gulf Region With PlugX

    In March 2026, the team identified activity by a China-nexus threat actor targeting countries in the Persian Gulf region. The campaign used a multi-stage attack chain to deploy a PlugX backdoor variant on compromised systems. Both the shellcode and PlugX backdoor employed obfuscation techniques to hinder reverse engineering....
    3/16/2026  0
    Read More »

    How RainyDay, Turian and a New PlugX Variant Abuse DLL Search Order Hijacking

    Our team identified an ongoing campaign, active since 2022, targeting telecommunications and manufacturing sectors in Central and South Asia, delivering a new PlugX variant. This variant shares features with both RainyDay and Turian backdoors, including DLL sideloading via legitimate apps and the XOR-RC4-RtlDecompressBuffer encryption technique....
    9/25/2025  0
    Read More »

    Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats

    In March 2025, Intelligence Group uncovered a PRC-linked UNC6384 campaign targeting diplomats in Southeast Asia, aligning with China's cyber espionage goals. The threat actor hijacked captive portals to deliver a signed downloader, STATICPLUGIN, which deployed the PlugX backdoor in memory....
    8/26/2025  0
    Read More »
    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2026 by Gurucul - All rights reserved.