#shadowpad — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #shadowpad, aggregated by home.social.
-
Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
A China-aligned threat group designated SHADOW-EARTH-053 has been conducting cyberespionage operations against government entities and critical infrastructure across at least eight countries in South, East, and Southeast Asia, plus one NATO member state, since December 2024. The group exploits unpatched Microsoft Exchange vulnerabilities, particularly the ProxyLogon chain, to gain initial access and deploys GODZILLA web shells for persistence. ShadowPad implants are staged via DLL sideloading of legitimate signed executables. Nearly half of the compromised environments showed overlap with another intrusion set, SHADOW-EARTH-054, sharing identical tooling including Evil-CreateDump and IOX proxy. The attackers conduct extensive Active Directory reconnaissance, credential harvesting, and mailbox exfiltration targeting high-profile government officials and defense contractors. Multiple tunneling tools including GOST and Wstunnel establish covert command-and-control channels, while lateral movement leverages WM...
Pulse ID: 69f3a95eda9a5492f5d1b6f4
Pulse Link: https://otx.alienvault.com/pulse/69f3a95eda9a5492f5d1b6f4
Pulse Author: AlienVault
Created: 2026-04-30 19:11:26
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #China #CredentialHarvesting #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #Microsoft #NATO #OTX #OpenThreatExchange #Proxy #RAT #ShadowPad #SideLoading #bot #AlienVault
-
SHADOW-EARTH-053: the Chinese APT campaign spying on Asian governments, NATO and Cuban diplomats
Trend Micro has unmasked SHADOW-EARTH-053, a China-aligned APT group active since December 2024 that has hit governments and defense contractors in Pakistan, India, Malaysia, Taiwan and Poland. In parallel, a related operation breached the emails of 68 Cuban diplomats in Washington by exploiting unpatched Exchange servers. Technical analysis of ShadowPad, the Godzilla web shell, CVE-2025-55182 and the implications for defenders.
-
#CheckPoint Research revealed a sophisticated wave of attacks attributed to the Chinese #threat actor #InkDragon, which targets European governments while continuing campaigns in Southeast Asia and South America. The threat actor converts compromised #IIS servers into relay nodes with #ShadowPad, exploits predictable configuration keys for access, and deploys a new #FinalDraft #backdoor for exfiltration and lateral movement.
https://research.checkpoint.com/2025/ink-dragons-relay-network-and-offensive-operation/
-
Inside Ink Dragon: Revealing the Relay Network and Inner Workings of a Stealthy Offensive Operation
#InkDragon #ShadowPad #CDBLoader #LalsDumper #FINALDRAFT
https://research.checkpoint.com/2025/ink-dragons-relay-network-and-offensive-operation/
-
Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287)
#CVE_2025_59287 #ShadowPad
https://asec.ahnlab.com/en/91166/
-
Threat actors are actively exploiting CVE-2025-59287 in WSUS to deploy ShadowPad.
ASEC notes the attackers used PowerCat for shell access, then fetched and installed ShadowPad with certutil/curl, executing it through DLL side-loading.
How are you securing WSUS or other update infrastructure in your environment?
💬 Share your insights
⭐ Follow TechNadu for timely threat intel
#infosec #WSUS #ShadowPad #CVE2025 #malware #threatintel #sysadmin #DFIR #TechNadu
-
ToolShell Used to Compromise Telecoms Company in Middle East
#CVE_2025_53770 #Zingdoor #KRUSTYLOADER #ShadowPad #CVE_2021_36942
https://www.security.com/threat-intelligence/toolshell-china-zingdoor
-
Good day everyone!
This is a really interesting read from SentinelOne Labs. Back in October 2024 they dealt with a reconnaissance operation that was related to the activity cluster tracked as #PurpleHaze and then in 2025 "they helped disrupt an intrusion linked to a wider #ShadowPad operation". The activity was attributed to China-nexus threat actors.
The article gives an in-depth view of what it looks like when an organization that is responsible for "IT services and logistics" gets compromised, which we could call a supply-chain attack. The article also provides a TON of technical details about tools and infrastructure that were used, indicators of compromise to scan for in your environment, and behaviors and commands that were observed throughout. This one may take a while to read but it's worth it! Thanks to the researchers Dr Aleksandar Milenkoski and Tom Hegel for this report! I hope you all enjoy it as much as I did. Happy Hunting!
Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets
https://www.sentinelone.com/labs/follow-the-smoke-china-nexus-threat-actors-hammer-at-the-doors-of-top-tier-targets/
Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
-
Chinese spy crew appears to be preparing for conflict by backdooring 75+ critical orgs
#SentinelOne discovered the campaign when they tried to hit the #security vendor's own servers
In their report, they describe a series of intrusions between July 2024 and March 2025 involving #ShadowPad #malware and post-exploitation espionage activity that SentinelOne has dubbed "#PurpleHaze", publicly reported as #APT15 and #UNC5174, and they're blaming #China.
https://www.theregister.com/2025/06/09/china_malware_flip_switch_sentinelone/
-
Chinese Espionage Crews Circle SentinelOne in Year-Long Reconnaissance Campaign https://www.securityweek.com/chinese-espionage-crews-circle-sentinelone-in-year-long-reconnaissance-campaign/ #IncidentResponse #Malware&Threats #SentinelLabs #NationState #SentinelOne #PurpleHaze #Shadowpad #APT41 #China
-
⚠️ Chinese hackers hit governments, media, and cybersecurity firms in a global cyber espionage spree. Over 70 orgs targeted using tools like ShadowPad and PurpleHaze.
Read: https://hackread.com/chinese-linked-hackers-targeted-global-organizations/
#CyberSecurity #China #CyberAttack #PurpleHaze #ShadowPad #APT15
-
State-Sponsored Tactics: How Gamaredon and ShadowPad Operate and Rotate Their Infrastructure
#Gamaredon #RedFoxtrot #ShadowPad
https://hunt.io/blog/state-sponsored-activity-gamaredon-shadowpad
-
Famous Sparrow APT Group: Enhanced Cyber Arsenal and Global Threats
https://thedefendopsdiaries.com/famous-sparrow-apt-group-enhanced-cyber-arsenal-and-global-threats/
#famoussparrow
#aptgroup
#cyberespionage
#shadowpad
#cybersecurity
-
Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines – Source: www.securityweek.com https://ciso2ciso.com/chinese-apt-tools-found-in-ransomware-schemes-blurring-attribution-lines-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Malware&Threats #securityweekcom #securityweek #NationState #Cybercrime #ransomware #TrendMicro #Shadowpad #ChinaAPT #symantec #APT41 #PlugX
-
Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines https://www.securityweek.com/chinese-apt-tools-found-in-ransomware-schemes-blurring-attribution-lines/ #Malware&Threats #NationState #Cybercrime #ransomware #TrendMicro #Shadowpad #ChinaAPT #Symantec #APT41 #PlugX
-
For incident responders investigating Shadowpad cases, remember to retrieve the volume serial number where #Shadowpad was deployed. The first time the malware is run, it will delete the encoded payload file (<random name>.tmp), and encrypt it in the Windows registry using the volume serial number. Those can also be found in LNK and Prefetch files in case you don't have live access to the host anymore.
You can then use the VolumeID tool from Sysinternals to change the volume serial number of your virtual machine
https://learn.microsoft.com/en-us/sysinternals/downloads/volumeid
-
Technical Analysis of a Novel IMEEX Framework
The IMEEX framework is a newly discovered, custom-built malware targeting Windows systems. Delivered as a 64-bit DLL, it offers extensive control over compromised machines, featuring execution of additional modules, file manipulation, process management, registry modification, and remote command execution. It primarily targets Djibouti and Afghanistan, gathering system information and communicating with its command-and-control server over encrypted channels. The framework employs advanced techniques like masquerading as legitimate processes, mutex creation, and encrypted communications to maintain persistence and evade detection. Its modular approach, robust capabilities, and potential infrastructure overlap with ShadowPad suggest an evolution in threat actor tactics.
Pulse ID: 670cf932eede40d2e1660012
Pulse Link: https://otx.alienvault.com/pulse/670cf932eede40d2e1660012
Pulse Author: AlienVault
Created: 2024-10-14 10:57:54
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Afghanistan #CyberSecurity #ICS #InfoSec #Mac #Malware #OTX #OpenThreatExchange #RemoteCommandExecution #ShadowPad #Windows #bot #AlienVault
-
Chinese Hackers Targeted Taiwanese Research Institute with ShadowPad and Cobalt Strike https://thecyberexpress.com/chinese-hackers-apt41-targeted-taiwan/ #TheCyberExpressNews #CybersecurityNews #Taiwaneseresearch #TheCyberExpress #FirewallDaily #cobaltstrike #ShadowPad #Taiwanese #Chinese #APT41