
Sogou Zhuyin hit by network compromise

Incident
Happening score: 10
1 unique source, 1 article

Summary


The Sogou Zhuyin update server takeover turned a trusted software channel into a malicious update path, enabling malware delivery to unsuspecting users. The compromise began in October 2024 after attackers seized the lapsed sogouzhuyin[.]com domain tied to the IME service. The abuse helped distribute C6DOOR, GTELAM, DESFY, and TOSHIS, with several hundred victims impacted.

Related Happenings

Augmented Marauder / Water Saci multi-pronged phishing campaign targeting Latin America and Europe

Campaign
First: 01.04.2026 15:36 Last: 01.04.2026 15:36 Sources 1

About this happening: **Water Saci** is actively evolving a **WhatsApp Web worm** in **Brazil** that uses **HTA** and **PDF** lures to deliver a **banking trojan**. The latest wave shifts from **PowerS...

VENON Rust-based banking malware targeting Brazilian Windows users

Malware Activity
First: 12.03.2026 19:31 Last: 12.03.2026 19:31 Sources 1

About this happening: Researchers disclosed **VENON**, a new **Rust-based banking malware** aimed at **Brazilian Windows users**, raising the risk of **credential theft** through fake banking overlays....

BadIIS malware deployment on compromised IIS servers in Thailand and Vietnam

Malware Activity
First: 30.01.2026 14:08 Last: 30.01.2026 14:08 Sources 1

About this happening: **BadIIS** is a **malicious native IIS module** used on **compromised IIS servers** to support **SEO fraud** and traffic manipulation. **Cisco Talos** says the activity is tied to...

LongNosedGoblin cyber-espionage campaign targeting government entities in Southeast Asia and Japan

Campaign
First: 18.12.2025 19:34 Last: 18.12.2025 19:34 Sources 1

About this happening: A **LongNosedGoblin** campaign is targeting **governmental entities in Southeast Asia and Japan**, creating a sustained risk of **cyber espionage** and **file exfiltration** insid...

APT24 BadAudio multi-delivery espionage campaign

Campaign
First: 21.11.2025 00:12 Last: 21.11.2025 00:12 Sources 1

About this happening: **APT24** is running a **three-year espionage campaign** with **BadAudio** that has expanded into multiple delivery methods, increasing the operation's reach and stealth. Since **...

Timeline

  1. 29.08.2025 16:12 2 articles · 9mo ago

    Initial report: Sogou Zhuyin hit by network compromise

    Initial Disclosure

    In **October 2024**, attackers took control of the lapsed **sogouzhuyin[.]com** domain linked to **Sogou Zhuyin** and began serving malicious updates. The first phase replaced a trusted update channel with a malware-delivery path.
