Silver Dragon assessed within the APT41 umbrella
Threat Actor Meta
Summary
Hide ▲
Show ▼
Silver Dragon is now assessed to operate within the APT41 umbrella, sharpening attribution for a cluster active against Europe, Southeast Asia, and government entities since mid-2024. The linkage matters because it connects the group to a broader China-nexus ecosystem known for adaptable tooling and cross-campaign tradecraft reuse. Researchers tied the assessment to overlaps in post-exploitation scripts and loader behavior, which raises confidence that the cluster is part of a larger adversary operating model.
Related Happenings
GREYVIBE's Kremlin-aligned role in the Russian cybercrime ecosystem
Threat Actor Meta
H score15
First: 29.05.2026 14:31
Last: 29.05.2026 14:31
Sources 1
About this happening:
A newly characterized **GREYVIBE** actor sits in a **grey zone** between **Kremlin-aligned intelligence work** and the **Russian cybercrime ecosystem**, complicating attribution f...
GREYVIBE's Kremlin-aligned role in the Russian cybercrime ecosystem
Threat Actor MetaAbout this happening: A newly characterized **GREYVIBE** actor sits in a **grey zone** between **Kremlin-aligned intelligence work** and the **Russian cybercrime ecosystem**, complicating attribution f...
Hugging Face shared-loader supply chain campaign
Campaign
H score79
First: 11.05.2026 10:05
Last: 11.05.2026 10:05
Sources 1
About this happening:
A **Hugging Face** repository cluster appears to be part of a **broader supply chain campaign** that used **shared loaders** to push a stealer through open-source model downloads....
Hugging Face shared-loader supply chain campaign
CampaignAbout this happening: A **Hugging Face** repository cluster appears to be part of a **broader supply chain campaign** that used **shared loaders** to push a stealer through open-source model downloads....
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/Service
H score58
First: 08.04.2026 12:16
Last: 08.04.2026 12:16
Sources 1
About this happening:
**Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/ServiceAbout this happening: **Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Latest development: 03.06.2026 14:00
President Donald Trump signed a June 2 executive order that sets up a voluntary framework for developers of covered frontier models to give the US government access for cybersecurity review for up to 30 days before release, while expressly rejecting any mandatory licensing or preclearance requirement. The order directs NSA, CISA, and NIST to build a classified benchmark for determining which models cross the covered threshold and creates an AI cybersecurity clearinghouse led by the Treasury Department. The framework closely echoes Anthropic's Project Glasswing, which gives vetted partners early access to Claude Mythos Preview to scan critical software for vulnerabilities.
UAT-9244 South America telecom targeting campaign
Campaign
H score33
First: 06.03.2026 01:19
Last: 06.03.2026 01:19
Sources 1
About this happening:
UAT-9244 is a China-linked campaign targeting telecommunication providers in South America since 2024. It compromises Windows, Linux, and edge devices to expand access across tele...
UAT-9244 South America telecom targeting campaign
CampaignAbout this happening: UAT-9244 is a China-linked campaign targeting telecommunication providers in South America since 2024. It compromises Windows, Linux, and edge devices to expand access across tele...
Latest development: 06.03.2026 10:22
The first documented phase centers on **TernDoor** targeting **Windows** hosts through **DLL side-loading** with `wsprint.exe` and `BugSplatRc64.dll`. After launch, it loads in memory and establishes persistence through a scheduled task or the Registry Run key.
Silver Dragon intrusion and phishing campaign targeting Europe, Southeast Asia, and Uzbekistan
Campaign
H score36
First: 04.03.2026 10:14
Last: 04.03.2026 10:14
Sources 1
How related:
"Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments," Check Point said in a technical report.
About this happening:
The **Silver Dragon** campaign is actively using **public-facing internet servers** and **phishing emails with malicious attachments** to gain initial access, expanding risk acros...
Silver Dragon intrusion and phishing campaign targeting Europe, Southeast Asia, and Uzbekistan
CampaignHow related: "Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments," Check Point said in a technical report.
About this happening: The **Silver Dragon** campaign is actively using **public-facing internet servers** and **phishing emails with malicious attachments** to gain initial access, expanding risk acros...
Timeline
-
04.03.2026 10:14 2 articles · 4mo ago
Silver Dragon assessed within APT41 umbrella
Attribution UpdateCheck Point assessed Silver Dragon as operating within the APT41 umbrella after identifying overlaps in post-exploitation installation scripts and BamboLoader decryption behavior across activity targeting government entities in Europe, Southeast Asia, and Uzbekistan.
Show sources
- APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2 — thehackernews.com — 04.03.2026 10:14
- APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2 — thehackernews.com — 04.03.2026 10:14