The PolySwarm Blog


China Nexus Threat Actors Use PeckBirdy C2 Framework

Feb 2, 2026 1:43:12 PM / by The Hivemind posted in Threat Bulletin, China-aligned APT, SHADOW-VOID-044, watering hole attacks, LOLBins exploitation, SHADOW-EARTH-045, HOLODONUT backdoor, MKDOOR backdoor, PeckBirdy framework


Verticals Targeted: Gambling, Government
Regions Targeted: China, Philippines, Broader Asia
Related Families: HOLODONUT, MKDOOR

Executive Summary

Researchers have identified PeckBirdy, a versatile JScript-based C2 framework, deployed since 2023 in campaigns linked to China-aligned APT actors. The framework runs across multiple execution environments by abusing living-off-the-land binaries (LOLBins) and delivers modular backdoors in operations targeting gambling operations and government entities.
