EggStreme Fileless Malware Used in Philippine Military Breach
Summary
An unknown Chinese APT group has compromised a Philippine military company using a new fileless malware framework called EggStreme. The malware is designed for persistent, low-profile espionage and includes capabilities for system reconnaissance, lateral movement, and data theft. The attack began in early 2024 and has been attributed to a Chinese APT group based on objectives and interests. The malware's fileless nature and use of DLL sideloading make it difficult to detect and mitigate.
Timeline
- 10.09.2025 18:46 (1 article): EggStreme Fileless Malware Detected in Philippine Military Breach
  In early 2024, Bitdefender detected signs of malicious activity involving the EggStreme fileless malware framework. The malware was used by an unknown Chinese APT group to compromise a Philippine military company. The attack aligns with Chinese APT objectives connected to geopolitical tensions in the South China Sea.
  Source: Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems - thehackernews.com - 10.09.2025 18:46
Information Snippets
- The EggStreme malware framework is composed of multiple components, including EggStremeAgent, EggStremeFuel, EggStremeLoader, and EggStremeReflectiveLoader.
- EggStremeAgent is a backdoor that enables extensive system reconnaissance, lateral movement, and data theft via an injected keylogger.
- The malware uses DLL sideloading to execute payloads and establish persistence on infected machines.
- EggStremeFuel is the initial payload that conducts system profiling and deploys subsequent components.
- The malware communicates with a command-and-control (C2) server using the Google Remote Procedure Call (gRPC) protocol.
- The attack began in early 2024 and was detected by Bitdefender.
- The malware's fileless nature and sophisticated execution flow make it difficult to detect and mitigate.
- The attack aligns with Chinese APT objectives connected to geopolitical tensions in the South China Sea.
All snippets first reported 10.09.2025 18:46 from a single source: Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems - thehackernews.com - 10.09.2025 18:46