Latest updates for APT37

Fresh curated links around APT37 are collected here so marketers can spot useful updates and turn timely ideas into posts faster.

Recent items include:

  • APT37 Uses Facebook, Telegram, and Trojanized Installer in New Targeted Cyberattack
  • China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
  • China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions


Fresh articles and ideas


gbhackers.com /1 month ago

APT37 Uses Facebook, Telegram, and Trojanized Installer in New Targeted Cyberattack

APT37 is running a new targeted intrusion campaign that abuses Facebook, Telegram, and a tampered Wondershare PDFelement installer to gain stealthy access and exfiltrate sensitive...

thehackernews.com /1 month ago

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region....

thehackernews.com /3 weeks ago

China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and govern...

thehackernews.com /2 weeks ago

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late Febru...

thehackernews.com /1 month ago

North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on...

thehackernews.com /1 month ago

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege...

thehackernews.com /1 month ago

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a...

hackread.com /4 weeks ago

45,000 Attacks, 5,300+ Backdoors Tied to China-Linked Cybercrime Operation

SOCRadar researchers have uncovered a massive Chinese cybercrime operation using the OpenClaw and Paperclip systems to automate global attacks.

thehackernews.com /3 weeks ago

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

An active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote Monitoring and Management (RMM) software as a way to esta...

gbhackers.com /5 days ago

APT Group Patches termsrv.dll to Enable Multiple RDP Sessions

A sustained cyber espionage campaign attributed to the Cloud Atlas advanced persistent threat (APT) group has introduced a stealthy technique that modifies the Windows termsrv.dll...

thehackernews.com /4 weeks ago

China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists

Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along wi...

gbhackers.com /1 week ago

Paper Werewolf APT Spreads EchoGather RAT via Fake Adobe Installer

A sophisticated Russian-language threat cluster known as Paper Werewolf (also tracked as GOFFEE) has launched a fresh wave of targeted cyberattacks against Russian industrial, fina...

infosecurity-magazine.com /1 month ago

Deep#Door Python Backdoor Evades Detection On Windows

Deep#Door Python RAT uses tunneling and obfuscation to evade detection and steal credentials

hackread.com /2 weeks ago

FamousSparrow Targeted Oil and Gas Industry via MS Exchange Server Exploit

Bitdefender Labs reveals how the China-linked FamousSparrow hacking group targeted an Azerbaijani energy firm using ProxyNotShell, Deed RAT,…

hackread.com /1 month ago

Mustang Panda Hits India and S. Korea with Updated LOTUSLITE Backdoor

Acronis reveals Mustang Panda is using an updated version of LOTUSLITE backdoor to target Indian banks and Korean diplomats. Learn how this DLL sideloading attack works.

infosecurity-magazine.com /2 weeks ago

Mustang Panda Linked to Updated FDMTP Backdoor in Asia-Pacific Espionage Campaign

Mustang Panda campaign deploys updated FDMTP backdoor against Asia-Pacific and Japan networks

habr.com /1 month ago

Mustard Tempest and a Multi-Stage Malware Delivery Chain

In late 2025, a cyber intelligence group recorded a campaign by the Cloud Atlas hacking group targeting Russian organizations in the industrial and military-industrial...

gbhackers.com /1 week ago

UAC-0184 Uses Bitsadmin and HTA Files to Deliver Gated Malware

UAC-0184 uses a multi‑stage malware chain that abuses bitsadmin and HTA loaders to reach a heavily obfuscated payload bundle, ultimately hiding behind signed binaries such as VSLau...

thehackernews.com /1 month ago

Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools runn...

gbhackers.com /4 weeks ago

Deep#Door Stealer Targets Passwords, Tokens, SSH Keys, and Wi-Fi Credentials

Deep#Door is a stealthy Python-based Remote Access Trojan (RAT) that uses an obfuscated batch loader to deploy a persistent surveillance and credential-stealing implant on Windows...

thehackernews.com /1 month ago

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimat...

infosecurity-magazine.com /2 weeks ago

China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer

A suspected China-linked threat actor targeted the Indian branch of a global manufacturer leveraging an open source offensive toolkit

thehackernews.com /1 month ago

China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors

Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as GopherWhisper. "The grou...

gbhackers.com /3 weeks ago

Silver Fox Uses Fake Tax Notices to Drop ValleyRAT and ABCDoor Backdoor

Silver Fox is running a tax‑themed phishing campaign that abuses fake notices from Indian and Russian tax authorities to drop ValleyRAT and a new Python backdoor dubbed ABCDoor, us...



Sources covering APT37

feeds.feedburner.com

Recent coverage from public sources
Public source

gbhackers.com


habr.com


hackread.com


infosecurity-magazine.com
