{"id":53334,"date":"2023-08-22T10:05:00","date_gmt":"2023-08-22T10:05:00","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/chinese-apt-targets-hong-kong-in-supply-chain-attack"},"modified":"2023-08-22T10:05:00","modified_gmt":"2023-08-22T10:05:00","slug":"chinese-apt-targets-hong-kong-in-supply-chain-attack","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/","title":{"rendered":"Chinese APT Targets Hong Kong in Supply Chain Attack"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt7b3a0a8c6a9a673a\/6269b3f204f10360e556127a\/china_Pixels_Hunter_shutterstock.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>An emerging China-backed advanced persistent threat (APT) group targeted organizations in Hong Kong in a supply chain attack that leveraged a legitimate software to deploy the PlugX\/Korplug backdoor, researchers have found.<\/p>\n<p>The group, which researchers have dubbed Carderbee, used a compromised version of Cobra DocGuard \u2014 an application for protecting, encrypting, and decrypting software produced by Chinese firm EsafeNet \u2014 to gain access to victims&#8217; networks, the Symantec Threat Hunter Team revealed in <a href=\"https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/carderbee-software-supply-chain-certificate-abuse\" target=\"_blank\" rel=\"noopener\">a blog post<\/a> published today.<\/p>\n<p>During the attack, the group leveraged as its PlugX installer malware signed with another legitimate entity, a Microsoft certificate, in an abuse of Microsoft&#8217;s Windows Hardware Developer Program, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/ADV230001\" target=\"_blank\" rel=\"noopener\">a vulnerability already known to the software vendor.<\/a><\/p>\n<p>The use of the Microsoft Windows Hardware Compatibility Publisher certificate as part of the attack makes it more challenging for defenders, &#8220;as malware signed with what appears to be a legitimate certificate can be much harder for security software to detect,&#8221; notes Brigid O&#8217;Gorman, senior intelligence analyst at Broadcom&#8217;s Symantec Threat Hunter Team.<\/p>\n<p>In total, the researchers observed malicious activity on about 100 computers in impacted organizations, however, the Cobra DocGuard software was installed on about 2,000 computers. This indicates that the APT may be selectively pushing payloads to specific victims \u2014 a common tactic in supply chain attacks, O&#8217;Gorman says.<\/p>\n<p>&#8220;Typically, the compromised software is downloaded onto a large number of computers due to the nature of supply chain attacks, but further malicious activity may be only seen on a small percentage of compromised machines,&#8221; she explains.<\/p>\n<h2 class=\"regular-text\">As-Yet Identified Threat Actor<\/h2>\n<p>The attack is not the first time that threat actors have used Cobra DocGuard in a supply chain campaign, the researchers said. PlugX also is familiar malware; Chinese threat actors, including <a href=\"https:\/\/www.darkreading.com\/endpoint\/china-blackfly-targets-materials-sector-relentless-quest-ip\" target=\"_blank\" rel=\"noopener\">BlackFly<\/a> and <a href=\"https:\/\/www.darkreading.com\/endpoint\/group-tied-to-china-s-mustang-panda-targets-european-governments-with-smugx\" target=\"_blank\" rel=\"noopener\">MustangPanda,<\/a> already have wielded the remote access Trojan (RAT) in a number of attacks this year.<\/p>\n<p>Recent attacks have also used a combination of Cobra DocGuard and PlugX similar to the one in the attack. In September, threat activity attributed to Budworm (aka LuckyMouse, APT27) used a malicious update to Cobra DocGuard to compromise a gambling company in Hong Kong, then deployed a new variant of Korplug\/PlugX, according to <a href=\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2023\/01\/eset_apt_activity_report_t32022.pdf\" target=\"_blank\" rel=\"noopener\">ESET<\/a>.<\/p>\n<p>Indeed, while Carderbee shares similarities with other known <a href=\"https:\/\/www.darkreading.com\/endpoint\/trojan-rigged-phishing-attacks-pepper-china-taiwan-conflict\" target=\"_blank\" rel=\"noopener\">adversaries backed by China<\/a>, &#8220;these links weren&#8217;t strong enough to definitively link this activity to a known group,&#8221; O&#8217;Gorman says.<\/p>\n<p>&#8220;Crossover of TTPs and infrastructure among <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/redhotel-dominant-china-backed-cyber-spy-group\" target=\"_blank\" rel=\"noopener\">threat actors<\/a> operating out of China isn&#8217;t unusual, which can make attribution of attacks challenging,&#8221; she says. &#8220;Korplug is a backdoor that is known to be used by multiple APTs, not just Budworm, but also APT41 and others.&#8221;<\/p>\n<p>The researchers are also unsure of the attack&#8217;s motive, though PlugX\/Korplug is typically used in <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/chinese-apt-bronze-president-spy-campaign-russian-military\" target=\"_blank\" rel=\"noopener\">cyber espionage attacks<\/a>, which themselves are typical of Chinese threat actors. &#8220;However, with the information we have currently, we couldn&#8217;t rule out other possible motivations, such as financial,&#8221; O&#8217;Gorman adds.<\/p>\n<h2 class=\"regular-text\">Attack Chain<\/h2>\n<p>The attack occurred over several months in which researchers observed the delivery of a malicious version of Cobra DocGuard to the following location on infected computers at victim organizations: &#8220;csidl_system_drive\\program files\\esafenet\\cobra docguard client\\update.&#8221; While most of the victims were based in Hong Kong, the rest were scattered around Asia.<\/p>\n<p>Attackers delivered multiple distinct malware families via this method, including the downloader for PlugX\/Korplug that had a <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/microsoft-signed-malicious-drivers-edr-killers-ransomware\" target=\"_blank\" rel=\"noopener\">digitally signed certificate<\/a> from Microsoft.<\/p>\n<p>The backdoor sample observed in the attack had various functions; it could execute commands via cmd, enumerate files, check running processes, download files, open firewall ports, and act as a keylogger.<\/p>\n<p>Further, while the researchers know that a compromised version of Cobra DocGuard was used by the attackers to gain access to the victims&#8217; networks, they don&#8217;t know &#8220;how the attackers gained access to the Cobra DocGuard client to use it in this manner,&#8221; O&#8217;Gorman acknowledges.<\/p>\n<h2 class=\"regular-text\">Defending the Supply Chain<\/h2>\n<p>Software supply chain attacks in general remain a major issue for organizations in all sectors, with several high-profile attacks occurring in the last 12 months, O&#8217;Gorman says. One of those is the Cl0p ransomware gang <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/shell-latest-cl0p-moveit-victim\" target=\"_blank\" rel=\"noopener\">MOVEit attack<\/a>, which exploits a flaw in an app from Progress Software that <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/cl0p-claims-moveit-attack-how-gang-did-it\" target=\"_blank\" rel=\"noopener\">has affected<\/a> numerous <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/clop-gang-steals-personal-health-data-of-4-million-in-colorado-breach\" target=\"_blank\" rel=\"noopener\">customer environments<\/a> and even spurred multiple <a href=\"https:\/\/www.hbsslaw.com\/press\/progress-software-moveit-data-breach\/multiple-class-action-lawsuits-filed-after-2023-moveit-data-breach-affecting-more-than-40-million-people\" target=\"_blank\" rel=\"noopener\">class-action lawsuits<\/a> against the company.<\/p>\n<p>&#8220;Software supply chain attacks are a boon for attackers as they can allow them to infiltrate even well-guarded organizations if they are able to compromise the software of one of the organizations&#8217; trusted partners,&#8221; O&#8217;Gorman says.<\/p>\n<p>To defend the supply chain, organizations should monitor the behavior of all activity on a system to help identify any unwanted patterns and allow them to block a suspicious application before any damage can be done, she says.<\/p>\n<p>&#8220;This is possible as the behavior of a malicious update will generally be different to that of the expected clean software,&#8221; O&#8217;Gorman notes.<\/p>\n<p>Organizations can also reduce their overall attack surface by implementing zero-trust policies and network segmentation, which can prevent a malicious update that&#8217;s downloaded to one machine from spreading to the whole network, she says.<\/p>\n<p>Software developers and providers also should take responsibility to secure the supply chain by ensuring they can detect unwanted changes in the software update process and on their website, O&#8217;Gorman adds.<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/chinese-apt-targets-hong-kong-in-supply-chain-attack\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dubbed Carderbee, the group used legitimate software and Microsoft-signed malware to spread the Korplug\/PlugX backdoor to various Asian targets.Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/chinese-apt-targets-hong-kong-in-supply-chain-attack\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-53334","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Chinese APT Targets Hong Kong in Supply Chain Attack 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Chinese APT Targets Hong Kong in Supply Chain Attack 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-22T10:05:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt7b3a0a8c6a9a673a\/6269b3f204f10360e556127a\/china_Pixels_Hunter_shutterstock.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-apt-targets-hong-kong-in-supply-chain-attack\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-apt-targets-hong-kong-in-supply-chain-attack\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Chinese APT Targets Hong Kong in Supply Chain Attack\",\"datePublished\":\"2023-08-22T10:05:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-apt-targets-hong-kong-in-supply-chain-attack\\\/\"},\"wordCount\":887,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-apt-targets-hong-kong-in-supply-chain-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt7b3a0a8c6a9a673a\\\/6269b3f204f10360e556127a\\\/china_Pixels_Hunter_shutterstock.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-apt-targets-hong-kong-in-supply-chain-attack\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-apt-targets-hong-kong-in-supply-chain-attack\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-apt-targets-hong-kong-in-supply-chain-attack\\\/\",\"name\":\"Chinese APT Targets Hong Kong in Supply Chain Attack 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-apt-targets-hong-kong-in-supply-chain-attack\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-apt-targets-hong-kong-in-supply-chain-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt7b3a0a8c6a9a673a\\\/6269b3f204f10360e556127a\\\/china_Pixels_Hunter_shutterstock.jpg\",\"datePublished\":\"2023-08-22T10:05:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-apt-targets-hong-kong-in-supply-chain-attack\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-apt-targets-hong-kong-in-supply-chain-attack\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-apt-targets-hong-kong-in-supply-chain-attack\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt7b3a0a8c6a9a673a\\\/6269b3f204f10360e556127a\\\/china_Pixels_Hunter_shutterstock.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt7b3a0a8c6a9a673a\\\/6269b3f204f10360e556127a\\\/china_Pixels_Hunter_shutterstock.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-apt-targets-hong-kong-in-supply-chain-attack\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Chinese APT Targets Hong Kong in Supply Chain Attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Chinese APT Targets Hong Kong in Supply Chain Attack 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/","og_locale":"en_US","og_type":"article","og_title":"Chinese APT Targets Hong Kong in Supply Chain Attack 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-08-22T10:05:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt7b3a0a8c6a9a673a\/6269b3f204f10360e556127a\/china_Pixels_Hunter_shutterstock.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Chinese APT Targets Hong Kong in Supply Chain Attack","datePublished":"2023-08-22T10:05:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/"},"wordCount":887,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt7b3a0a8c6a9a673a\/6269b3f204f10360e556127a\/china_Pixels_Hunter_shutterstock.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/","url":"https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/","name":"Chinese APT Targets Hong Kong in Supply Chain Attack 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt7b3a0a8c6a9a673a\/6269b3f204f10360e556127a\/china_Pixels_Hunter_shutterstock.jpg","datePublished":"2023-08-22T10:05:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt7b3a0a8c6a9a673a\/6269b3f204f10360e556127a\/china_Pixels_Hunter_shutterstock.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt7b3a0a8c6a9a673a\/6269b3f204f10360e556127a\/china_Pixels_Hunter_shutterstock.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/chinese-apt-targets-hong-kong-in-supply-chain-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Chinese APT Targets Hong Kong in Supply Chain Attack"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53334","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=53334"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53334\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=53334"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=53334"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=53334"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}