The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Wicked Panda Targets Government Entities, Uses Google Calendar for C2

Jun 6, 2025 2:50:40 PM / by The Hivemind posted in Threat Bulletin, APT41, Wicked Panda, TOUGHPROGRESS malware, Google Calendar C2, Spear Phishing, Government Cyberattack, Chinese Cyber Espionage, Cloud Service Abuse, Malware Analysis, Data Exfiltration

0 Comments

Verticals Targeted: Government
Regions Targeted: Not specified
Related Families: VOLDEMORT, DUSTTRAP

Executive Summary

Wicked Panda, a Chinese state-sponsored threat actor, deployed TOUGHPROGRESS malware, exploiting Google Calendar for stealthy command-and-control operations targeting government entities. This campaign underscores the group’s innovative abuse of cloud services to evade detection and maintain persistent access.  

Read More

Winnti Targets Hong Kong With Spyder Loader

Nov 7, 2022 1:37:10 PM / by PolySwarm Tech Team posted in Threat Bulletin, Espionage, APT41, Wicked Panda, China, Winnti, Loader, Spyder Loader

0 Comments

Verticals Targeted: Government

Executive Summary

Symantec recently reported on Spyder Loader, a tool used by Chinese nexus state-sponsored threat actor group Winnti to target government entities in Hong Kong.

Read More

Wicked Panda’s ShadowPad RAT

Feb 28, 2022 2:31:59 PM / by PolySwarm Tech Team posted in Threat Bulletin, APT41, Shadow Pad, China, Winnti, Axiom

0 Comments



Background

Secureworks recently posted research analyzing Wicked Panda’s ShadowPad RAT. Secureworks stated multiple clusters of ShadowPad activity appeared to be linked to PLA theater commands.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More