Find notable cyber news and cases, enriched with sources, timelines, and signals.

APT24 BadAudio multi-delivery espionage campaign

Campaign
First reported
Last updated
Happening score
H score 54
2 unique sources, 2 articles

Summary

Hide ▲

APT24 is running a three-year espionage campaign with BadAudio that has expanded into multiple delivery methods, increasing the operation's reach and stealth. Since 2022, the group has used spearphishing, supply-chain compromise, and watering hole attacks to deliver the malware. The campaign compromised more than 20 legitimate public websites and later abused a Taiwanese marketing firm's JavaScript supply chain to reach more than 1,000 domains. The targeting focused exclusively on Windows systems, and a separate spearphishing wave began in August 2024 using animal-rescue lures and cloud services.

Related Happenings

Rokarolla device-profiling targeting campaign

Campaign
H score32 First: 16.06.2026 23:04 Last: 16.06.2026 23:04 Sources 1

About this happening: The **Rokarolla** Android campaign now profiles infected devices to assign a **unique identifier** to each victim, enabling repeated tracking and coordinated financial-fraud activ...

UNC6508 China-linked REDCap espionage campaign

Campaign
H score39 First: 15.06.2026 17:00 Last: 15.06.2026 17:00 Sources 1

About this happening: **UNC6508** ran a **China-linked espionage campaign** against **exposed REDCap servers** used by **North American medical, academic, and military research networks**. The operatio...

Outsider Enterprise-Outsider-Chinese cybercrime alliance reshapes ransomware ecosystem operations

Threat Actor Meta
H score69 First: 12.06.2026 21:59 Last: 12.06.2026 21:59 Sources 1

About this happening: The **Outsider Enterprise** is a **Chinese phishing-as-a-service** operation that used **Telegram**, **AI**, and distributed phishing kits to run large-scale brand-impersonation c...

Outsider Telegram-run smishing campaign targeting Americans

Campaign
H score53 First: 12.06.2026 21:59 Last: 12.06.2026 21:59 Sources 1

About this happening: The **Outsider Enterprise** happening is a **phishing-as-a-service** campaign tied to a **Chinese cybercrime network** that used **AI** and distributed phishing kits to impersonat...

Latest development: 14.06.2026 17:36

The FBI, working with Google and Black Lotus Labs, dismantled Outsider Enterprise, a Chinese phishing-as-a-service operation that used AI and distributed phishing kits to impersonate trusted brands in texts sent through AT&T, T-Mobile and Verizon. The takedown included seizures of administration servers, a Shopify e-commerce storefront, a testing account, around $100,000 USDT and a Telegram bot linked to the service, while Google pursued civil action and coordinated with carriers to block fraudulent messages.

AudiA6 laundering ecosystem and Dark2Web forum

Threat Actor Meta
H score31 First: 11.06.2026 18:55 Last: 11.06.2026 18:55 Sources 1

About this happening: **AudiA6** was disrupted as an **industrial-scale cryptocurrency laundering service** used by **ransomware gangs** and other cybercriminal networks. Europol said the ecosystem lau...

Timeline

  1. 21.11.2025 00:12 2 articles · 7mo ago

    APT24 BadAudio espionage campaign disclosed

    Initial Disclosure

    Google Threat Intelligence Group described APT24 as running a three-year espionage campaign with previously undocumented BadAudio malware against Windows systems, using spearphishing, supply-chain compromise, and watering hole attacks. The campaign compromised more than 20 legitimate public websites from November 2022 until at least September 2025, repeatedly compromised a digital marketing company in Taiwan that distributed JavaScript libraries, enabled compromise of more than 1,000 domains, and in some spearphishing variants used animal-rescue lures, Google Drive, and OneDrive for delivery.

    Show sources