{"id":54083,"date":"2023-10-11T21:15:00","date_gmt":"2023-10-11T21:15:00","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/chinese-stayin-alive-attacks-basic-loaders-asian-telcos"},"modified":"2023-10-11T21:15:00","modified_gmt":"2023-10-11T21:15:00","slug":"chinese-stayin-alive-attacks-dance-onto-targets-with-dumb-malware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/chinese-stayin-alive-attacks-dance-onto-targets-with-dumb-malware\/","title":{"rendered":"Chinese &#8216;Stayin&#8217; Alive&#8217; Attacks Dance Onto Targets With Dumb Malware"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt075378ec246a0e97\/6526f891885b268499771b5f\/Bee_Gees-Photo_12-Alamy.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Chinese advanced persistent threats (APTs) are known for being sophisticated, but the &#8220;ToddyCat&#8221; group is bucking the trend,&nbsp;compromising telecommunications organizations in Central and Southeast Asia using a constantly evolving arsenal of custom-developed, but very simple, backdoors and loaders.<\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/china-linked-toddycat-apt-pioneers-novel-spyware\" target=\"_blank\" rel=\"noopener\">ToddyCat was first discovered last year<\/a>, though it has been in operation since at least 2020. 
According to Check Point, it has previously been linked with Chinese espionage operations.<\/p>\n<p>In <a href=\"https:\/\/blog.checkpoint.com\/security\/unveiling-stayin-alive-a-closer-look-at-an-ongoing-campaign-in-asia-targeting-telecom-and-governmental-entities\/\" target=\"_blank\" rel=\"noopener\">a blog post published this week<\/a>, Check Point&#8217;s researchers described how the group is staying nimble these days: by deploying, and just as quickly throwing away, cheap malware it can use to drop its payloads.<\/p>\n<p>Victims of its latest &#8220;Stayin&#8217; Alive&#8221; campaign \u2014 active since at least 2021 \u2014 include telcos from Kazakhstan, Pakistan, Uzbekistan, and Vietnam. The precise extent of their reach, and whether they caused any damage, are as yet unknown.<\/p>\n<h2 class=\"regular-text\">ToddyCat&#8217;s Latest Tactics<\/h2>\n<p>Stayin&#8217; Alive attacks begin with spear phishing emails containing archive files. Once executed, the archive files are designed to take advantage of <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-23748\" target=\"_blank\" rel=\"noopener\">CVE-2022-23748<\/a>, a 7.8 out of 10 &#8220;High&#8221; severity DLL sideloading vulnerability in <a href=\"https:\/\/www.audinate.com\/learning\/faqs\/what-is-dante-discovery\" target=\"_blank\" rel=\"noopener\">Dante AV systems software<\/a>. 
ToddyCat uses such DLL sideloading \u2014 a popular technique, <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/apt41-subgroup-plows-through-asia-pacific-utilizing-layered-stealth-tactics\" target=\"_blank\" rel=\"noopener\">especially among Chinese threat actors<\/a> \u2014 to drop loaders and downloaders onto targeted devices.<\/p>\n<p>These loaders and downloaders are not nearly to the specs one would expect of a high-level, state-affiliated threat actor, explains Sergey Shykevich, threat intelligence group manager at Check Point.<\/p>\n<p>&#8220;They have relatively basic functionality, but they&#8217;re good enough to achieve initial goals, like allowing the attacker to get basic reports about infected machines: computer name, user name, system info, some directories, and so on. They also include the functionality of shelling, allowing the execution of any command the attacker wants,&#8221; he explains.<\/p>\n<p>&#8220;Our assumption is that via the shell, they were able to implement additional backdoors and modules,&#8221; he adds, though the research didn&#8217;t extend to finding out what payloads they ultimately did deploy.<\/p>\n<h2 class=\"regular-text\">A Smart Use of Dumb Malware<\/h2>\n<p>Though at first it might seem lazy or ineffectual, there is reasoning behind using such basic tools instead of more sophisticated, multifunctional weapons of cyberwar.<\/p>\n<p>&#8220;The smaller the tool, the more difficult it is to detect,&#8221; Shykevich explains. &#8220;And also, when it&#8217;s a small tool, it&#8217;s relatively easy to adjust it to a target.&#8221;<\/p>\n<p>Easier to adjust, and less expensive to throw away. Typically, researchers identify and track APTs by cross-referencing details between different attacks. With ToddyCat, however, it&#8217;s impossible to do that \u2014 each of its malware samples has zero discernible overlap with known malware families, or even with one another. 
The researchers expect that they&#8217;re likely discarded for new samples even after little use. &#8220;The small changes mean that you can catch one of them, but it won&#8217;t be so straightforward to catch all the others. It will require some additional work,&#8221; Shykevich says.<\/p>\n<p>That said,&nbsp;ToddyCat is undone by the fact that each sample traces back to its easily identifiable command-and-control (C2) infrastructure.<\/p>\n<p>To defend against such a nimble attacker, Shykevich recommends a layered approach. &#8220;The first layer here, for example, was the email \u2014 you should have proper email protection to identify a malicious attachment,&#8221; he advocates. &#8220;But another level is endpoint detection and response (EDR) endpoints, to identify for example the DLL sideloading and malicious shell activity.&#8221;<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/chinese-stayin-alive-attacks-basic-loaders-asian-telcos\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A sophisticated APT known as &#8220;ToddyCat,&#8221; sponsored by Beijing, is cleverly using unsophisticated malware to keep defenders off their trail.Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/chinese-stayin-alive-attacks-basic-loaders-asian-telcos\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-54083","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54083","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54083"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54083\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54083"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54083"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54083"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}