TA415 (APT41) spoofs Moolenaar: phishing with WhirlCoil, C2 over Google Sheets and Zoho, persistence via VS Code Remote Tunnels, targeting US-China experts.
#apt41 #GoogleSheets #TA415 #VisualStudio
www.matricedigitale.it/2025/09/19/t...
TA415 VS Code Remote Tunnel infection chain.
Key finding 2️⃣: Instead of traditional #malware, the campaigns deployed Visual Studio Code Remote Tunnels.
This is likely a concerted effort from #TA415 to blend in with existing legitimate traffic to trusted services, including Google Sheets/Calendar, & VS Code Remote Tunnels.
Proofpoint threat researchers have published new research identifying a new cyber-espionage campaign by #TA415 (#APT41), a China-aligned threat actor, exploiting growing uncertainty in U.S.-China economic relations.
Blog: www.proofpoint.com/us/blog/thre....
TA415, a China-aligned actor, uses phishing and KEYPLUG/Cobalt Strike for US-China economic espionage: TTPs, impact and IOCs according to Proofpoint.
#apt #cina #CobaltStrike #KEYPLUG #phishing #proofpoint #TA415
www.matricedigitale.it/2025/09/17/t...