Chinese linked APTs have expanded the types of entities they target.

China‑linked APT groups Salt Typhoon and Twill Typhoon have broadened their targeting and refreshed their toolsets in recent campaigns. Salt Typhoon shifted toward energy‑sector targets, including an Azerbaijani oil and gas company, using Exchange exploits, web shells, and updated backdoors like Deed RAT and TernDoor. Twill Typhoon targeted Asia‑Pacific organizations with a modular .NET‑based RAT framework delivered through DLL sideloading and CDN‑impersonating infrastructure.

Read more:

https://www.securityweek.com/chinese-apts-expand-targets-update-backdoors-in-recent-campaigns/