Insights, news, education and announcements from PolySwarm

Capability Gaps as Targets: Forecasting Chinese APT Targeting Under the 15th Five-Year Plan

Apr 3, 2026 12:20:51 PM / by The Hivemind posted in Threat Bulletin, APT41, Volt Typhoon, China cyber espionage, Five-Year Plan 2026, semiconductor espionage, PRC APT activity, supply chain attacks, AI cyber threats

0 Comments

Verticals Targeted: Semiconductors, Artificial Intelligence, Cloud, Biotechnology, Healthcare, Critical Infrastructure, Telecommunications, Aerospace, Defense
Regions Targeted: US, Taiwan, Japan, South Korea, UK, Germany, France, Israel, Singapore, Australia

Wicked Panda Targets Government Entities, Uses Google Calendar for C2

Jun 6, 2025 2:50:40 PM / by The Hivemind posted in Threat Bulletin, APT41, Wicked Panda, TOUGHPROGRESS malware, Google Calendar C2, Spear Phishing, Government Cyberattack, Chinese Cyber Espionage, Cloud Service Abuse, Malware Analysis, Data Exfiltration

0 Comments

Verticals Targeted: Government
Regions Targeted: Not specified
Related Families: VOLDEMORT, DUSTTRAP

Executive Summary

Wicked Panda, a Chinese state-sponsored threat actor, deployed TOUGHPROGRESS malware, exploiting Google Calendar for stealthy command-and-control operations targeting government entities. This campaign underscores the group’s innovative abuse of cloud services to evade detection and maintain persistent access.

Winnti Targets Hong Kong With Spyder Loader

Nov 7, 2022 1:37:10 PM / by PolySwarm Tech Team posted in Threat Bulletin, Espionage, APT41, Wicked Panda, China, Winnti, Loader, Spyder Loader

0 Comments

Verticals Targeted: Government

Executive Summary

Symantec recently reported on Spyder Loader, a tool used by Chinese nexus state-sponsored threat actor group Winnti to target government entities in Hong Kong.

Wicked Panda’s ShadowPad RAT

Feb 28, 2022 2:31:59 PM / by PolySwarm Tech Team posted in Threat Bulletin, APT41, Shadow Pad, China, Winnti, Axiom

0 Comments

Background

Secureworks recently posted research analyzing Wicked Panda’s ShadowPad RAT. Secureworks stated multiple clusters of ShadowPad activity appeared to be linked to PLA theater commands.

The PolySwarm Blog

Capability Gaps as Targets: Forecasting Chinese APT Targeting Under the 15th Five-Year Plan

Wicked Panda Targets Government Entities, Uses Google Calendar for C2

Executive Summary

Winnti Targets Hong Kong With Spyder Loader

Wicked Panda’s ShadowPad RAT

Background

Secureworks recently posted research analyzing Wicked Panda’s ShadowPad RAT. Secureworks stated multiple clusters of ShadowPad activity appeared to be linked to PLA theater commands.

Subscribe to Email Updates

Lists by Topic

Posts by Topic

Recent Posts

Join the Marketplace

For Enterprises and Businesses

For Security Experts and AV Companies

Capability Gaps as Targets: Forecasting Chinese APT Targeting Under the 15th Five-Year Plan

Wicked Panda Targets Government Entities, Uses Google Calendar for C2

Executive Summary

Winnti Targets Hong Kong With Spyder Loader

Wicked Panda’s ShadowPad RAT

BackgroundSecureworks recently posted research analyzing Wicked Panda’s ShadowPad RAT. Secureworks stated multiple clusters of ShadowPad activity appeared to be linked to PLA theater commands.

Subscribe to Email Updates

Lists by Topic

Posts by Topic

Recent Posts

Join the Marketplace

For Enterprises and Businesses

For Security Experts and AV Companies

Background

Secureworks recently posted research analyzing Wicked Panda’s ShadowPad RAT. Secureworks stated multiple clusters of ShadowPad activity appeared to be linked to PLA theater commands.