Silver Dragon assessed within the APT41 umbrella
Threat Actor Meta
Summary
Silver Dragon is now assessed to operate within the APT41 umbrella, sharpening attribution for a cluster active against Europe, Southeast Asia, and government entities since mid-2024. The linkage matters because it connects the group to a broader China-nexus ecosystem known for adaptable tooling and cross-campaign tradecraft reuse. Researchers tied the assessment to overlaps in post-exploitation scripts and loader behavior, which raises confidence that the cluster is part of a larger adversary operating model.
Related Happenings
Hugging Face shared-loader supply chain campaign
Campaign
First: 11.05.2026 10:05
Last: 11.05.2026 10:05
Sources 1
About this happening:
A **Hugging Face** repository cluster appears to be part of a **broader supply chain campaign** that used **shared loaders** to push a stealer through open-source model downloads....
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/Service
First: 08.04.2026 12:16
Last: 08.04.2026 12:16
Sources 1
About this happening:
**Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Latest development: 23.05.2026 14:55
Anthropic said Project Glasswing has uncovered more than 10,000 high- or critical-severity vulnerabilities across widely used software since the program launched last month, including 6,202 high/critical flaws affecting more than 1,000 open-source projects, 1,726 validated true positives, 1,094 high/critical flaws, a critical WolfSSL flaw tracked as CVE-2026-5194 with CVSS score 9.1, 97 upstream patches, and 88 advisories.
UAT-9244 South America telecom targeting campaign
Campaign
First: 06.03.2026 01:19
Last: 06.03.2026 01:19
Sources 1
About this happening:
UAT-9244 is a China-linked campaign targeting telecommunication providers in South America since 2024. It compromises Windows, Linux, and edge devices to expand access across tele...
Latest development: 06.03.2026 10:22
The first documented phase centers on **TernDoor** targeting **Windows** hosts through **DLL side-loading** with `wsprint.exe` and `BugSplatRc64.dll`. After launch, it loads in memory and establishes persistence through a scheduled task or the Registry Run key.
Silver Dragon intrusion and phishing campaign targeting Europe, Southeast Asia, and Uzbekistan
Campaign
First: 04.03.2026 10:14
Last: 04.03.2026 10:14
Sources 1
How related:
"Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments," Check Point said in a technical report.
About this happening:
The **Silver Dragon** campaign is actively using **public-facing internet servers** and **phishing emails with malicious attachments** to gain initial access, expanding risk acros...
India-aligned clusters show shared resourcing and coordinated tasking
Threat Actor Meta
First: 04.03.2026 00:24
Last: 04.03.2026 00:24
Sources 1
About this happening:
Researchers identified **shared resourcing** and **coordinated tasking** across some **India-aligned clusters**, suggesting a more connected regional **threat-actor ecosystem**. T...
Timeline
- 04.03.2026 10:14 · 2 articles · 2mo ago
Silver Dragon assessed within APT41 umbrella
Attribution Update
Check Point assessed Silver Dragon as operating within the APT41 umbrella after identifying overlaps in post-exploitation installation scripts and BamboLoader decryption behavior across activity targeting government entities in Europe, Southeast Asia, and Uzbekistan.
- APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2 — thehackernews.com — 04.03.2026 10:14