Cybercrime and Ransomware

APT24 Deploys BADAUDIO in Long-Running Espionage Targeting Taiwan and Over 1,000 Domains

By Staff Writer, November 21, 2025

Fast Facts

  1. APT24, a suspected Chinese cyber-espionage group, has been active for nearly three years, deploying sophisticated malware such as BADAUDIO through supply chain attacks, phishing, and website compromises targeting Taiwan and other sectors.
  2. BADAUDIO, a C++-based, obfuscated malware, functions as a first-stage downloader that retrieves and executes encrypted payloads, relying on techniques such as DLL search-order hijacking and control-flow flattening for resilience.
  3. From late 2022 to 2025, APT24 compromised over 20 websites, injecting malicious scripts that served tailored fake pop-ups to selected visitors, and hijacked a regional digital marketing firm to distribute malicious JavaScript to over 1,000 domains.
  4. A related campaign, dubbed Autumn Dragon, targeted Southeast Asia using chained RAR archives, DLL sideloading, and stealthy command-and-control communication via Telegram to conduct espionage against government and media sectors.

Problem Explained

Between November 2022 and at least September 2025, the China-associated threat group APT24, also called Pitty Tiger, ran a sophisticated and persistent cyber espionage campaign against organizations primarily in Taiwan and Southeast Asia. The campaign used a range of advanced methods, starting with the compromise of over 20 legitimate websites through malicious JavaScript injections designed to dupe visitors into downloading malware under the guise of routine updates. Notably, APT24 also infiltrated a regional digital marketing firm in Taiwan and, through that supply chain foothold, corrupted shared JavaScript resources so that malicious code was served across the many domains that loaded them. The malware, dubbed BADAUDIO, was written in C++ with obfuscation techniques to thwart reverse engineering; it acts as a first-stage downloader that retrieves and executes further malicious payloads from command-and-control servers, including Cobalt Strike beacons. The group also ran targeted spear-phishing campaigns using lures tied to animal rescue organizations, leveraging encrypted archives and cloud services such as Google Drive and Microsoft OneDrive to stealthily exfiltrate data and install additional malware. Reported by Google’s Threat Intelligence Group, these highly targeted, multi-layered operations show the group’s evolving tradecraft for espionage: supply chain weaknesses, social engineering, and legitimate cloud infrastructure combined to maintain resilience and discretion amid ongoing geopolitical tensions.
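The shared-JavaScript compromise described above is the kind of silent change that Subresource Integrity (SRI) pinning can expose on the client side: a third-party script loaded without an integrity attribute can be swapped at the source and every site embedding it will run the new code. The script below is an added example written for this article, not code from Google’s Threat Intelligence Group or from the original post. It audits a page’s script tags for third-party sources that lack an integrity attribute and verifies a fetched script body against an SRI value. The host names and script bodies are constructed for the example.

```python
"""Audit <script> tags for unpinned third-party sources and verify an SRI value.

Added example with constructed sample data; not APT24 or GTIG material.
"""
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

SRI_ALGORITHMS = ("sha256", "sha384", "sha512")  # algorithms browsers accept for SRI


class _ScriptCollector(HTMLParser):
    """Collect the attributes of every <script> tag that has a src attribute."""

    def __init__(self) -> None:
        super().__init__()
        self.scripts: list[dict] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag.lower() == "script":
            attributes = dict(attrs)
            if attributes.get("src"):
                self.scripts.append(attributes)


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Compute the SRI token ("<algo>-<base64 digest>") for a script body."""
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(content: bytes, integrity: str) -> bool:
    """Return True if the content matches any token in an SRI integrity value.

    An integrity attribute may list several space-separated tokens; a match on
    any supported algorithm is accepted, mirroring browser behaviour.
    """
    for token in integrity.split():
        algo, _, expected = token.partition("-")
        if algo in SRI_ALGORITHMS and sri_hash(content, algo) == f"{algo}-{expected}":
            return True
    return False


def audit_scripts(html: str, page_host: str) -> list[dict]:
    """Flag script tags that load from another host without an integrity attribute.

    A relative or same-host src is treated as first-party; a scheme-relative or
    absolute src pointing at a different host is third-party. Third-party scripts
    without SRI are marked as risk: their content can change at the vendor.
    """
    parser = _ScriptCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.scripts:
        src = attrs["src"]
        host = urlparse(src).hostname
        third_party = host is not None and host.lower() != page_host.lower()
        has_sri = bool(attrs.get("integrity"))
        findings.append({
            "src": src,
            "third_party": third_party,
            "has_sri": has_sri,
            "risk": third_party and not has_sri,
        })
    return findings


# Constructed vendor script body and sample page (hosts are invented): one
# first-party script, one unpinned third-party script, one pinned with SRI.
LIB_JS = b"window.vendorLib = { version: '1.0' };"
SAMPLE_HTML = f"""
<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.marketing-vendor.example/tag.js"></script>
<script src="https://cdn.marketing-vendor.example/lib.js"
        integrity="{sri_hash(LIB_JS)}" crossorigin="anonymous"></script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for finding in audit_scripts(SAMPLE_HTML, "www.example-site.example"):
        print(("RISK" if finding["risk"] else "ok  "), finding["src"])
    # The pinned vendor script verifies; a one-byte change to it does not.
    print(verify_sri(LIB_JS, sri_hash(LIB_JS)), verify_sri(LIB_JS + b";", sri_hash(LIB_JS)))
```

SRI only works when the vendor’s script content is stable at a given URL; a tag-manager or marketing script that changes without notice will fail the check and break the page, which is itself the signal to investigate. For such scripts the practical mitigation is a self-hosted, reviewed copy that the audit treats as first-party, combined with a Content-Security-Policy script-src allowlist so that injected code cannot fetch further stages from arbitrary origins.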

The overarching purpose of these operations is espionage: gathering intelligence from government, media, and other strategic sectors in Taiwan and Southeast Asia, with APT24 positioning itself as an adaptive and persistent actor pursuing covert infiltration over extended periods. This account is based on disclosures by Google’s Threat Intelligence Group and corroborates analyses from other cybersecurity firms such as Trend Micro and CyberArmor, which document the group’s evolution and its connection to broader regional cyber espionage activity attributed to China-nexus actors.

Critical Concerns

The revelation that APT24 deployed the BADAUDIO malware over several years to conduct extensive espionage against Taiwan and more than a thousand domains is a stark warning for any business. In today’s hyper-connected digital landscape, sophisticated adversaries with persistent, long-term access can infiltrate corporate networks silently, extracting sensitive data, compromising proprietary information, and crippling operations without immediate detection. Such breaches threaten not only a company’s intellectual property and customer trust but also expose it to severe financial losses, regulatory penalties, and lasting reputational damage, making cybersecurity an essential cornerstone of business resilience rather than an IT concern alone.

Possible Next Steps

In the evolving landscape of cybersecurity, timely remediation is crucial for minimizing damage and restoring trust when threats like APT24’s long-term espionage efforts emerge and compromise numerous domains.

Identify & Assess

  • Conduct comprehensive threat hunting and vulnerability assessments to locate all affected systems.
  • Prioritize critical assets and data for immediate attention.

Contain

  • Isolate compromised machines to prevent lateral movement.
  • Disable malicious accounts or access points associated with the threat.

Eradicate

  • Remove malware such as BADAUDIO from infected systems.
  • Apply patches and updates to close exploited vulnerabilities.

Recover

  • Restore systems from clean backups, ensuring they are free of malware.
  • Reinstate affected services with enhanced security controls.

Post-Incident

  • Analyze attack vectors and techniques used for future defense improvements.
  • Conduct user awareness and training to prevent similar breaches.

Enhance Defense

  • Implement advanced intrusion detection and prevention systems.
  • Strengthen monitoring and logging to enable rapid detection of suspicious activity.

About the Author

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.