MEDIUMApt
Global

Chinese Hacking Firm Upgrades With New Windows Backdoor

·Source: Bank Info Security

Updated:

Executive Summary

Researchers Identified Two Undocumented Variants Used Since 2023 Eset uncovered two previously undocumented Windows variants of the China-linked SprySocks backdoor tied to FishMonger and iSoon, revealing expanded espionage

Analysis

Researchers Identified Two Undocumented Variants Used Since 2023 Eset uncovered two previously undocumented Windows variants of the China-linked SprySocks backdoor tied to FishMonger and iSoon, revealing expanded espionage capabilities, rootkit-based stealth and continued targeting of government organizations across Asia and Central America.

Indicators of Compromise (2)

URL (1)
https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/chinese-hacking-firm-upgrades-new-windows-backdoor-image_small-10-a-31977.jpg
VirusTotalURLhaus
Domain (1)
ismg-cdn.nyc3.cdn.digitaloceanspaces.com
VirusTotalURLhaus
Source Attribution

Originally published by Bank Info Security on Jun 16, 2026.

Related Threats

MEDIUMVulnerability

Can CISOs Trust Their Applications? TrustCloud Wants to Replace the Questionnaire

By continuously analyzing security, infrastructure, and governance data, TrustCloud aims to give CISOs a real-time view of application risk and board-ready assurance. The post Can CISOs Trust Their Applications? TrustCloud Wants to Replace the Questionnaire appeared first on SecurityWeek .

SecurityWeek
CRITICALApt

Rockwell Automation FLEX I/O EtherNet/IP Adapters

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-167-05.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, account takeover, and cause loss of availability.</strong></p> <p>The following versions of Rockwell Automation FLEX I/O EtherNet/IP

CVE-2026-0646CVE-2026-0647
CISA Advisories
LOWApt

China-linked hackers target US, Canada research using legacy REDCap exploits

Google is warning of a cyber espionage campaign linked to a China-nexus threat actor, UNC6508, that kept close tabs on valuable US and Canadian research environments for over a year. The campaign abused REDCap, a widely adopted platform for collecting and managing research data. Attackers, now disrupted, intercepted REDCap’s upgrade process to inject persistence malware. According to Google’s Thre

CSO Online