Find notable cyber news and cases, enriched with sources, timelines, and signals.

Silver Dragon assessed within the APT41 umbrella

Threat Actor Meta
First reported
Last updated
Happening score
H score 25
1 unique sources, 1 articles

Summary

Hide ▲

Silver Dragon is now assessed to operate within the APT41 umbrella, sharpening attribution for a cluster active against Europe, Southeast Asia, and government entities since mid-2024. The linkage matters because it connects the group to a broader China-nexus ecosystem known for adaptable tooling and cross-campaign tradecraft reuse. Researchers tied the assessment to overlaps in post-exploitation scripts and loader behavior, which raises confidence that the cluster is part of a larger adversary operating model.

Related Happenings

GREYVIBE's Kremlin-aligned role in the Russian cybercrime ecosystem

Threat Actor Meta
H score15 First: 29.05.2026 14:31 Last: 29.05.2026 14:31 Sources 1

About this happening: A newly characterized **GREYVIBE** actor sits in a **grey zone** between **Kremlin-aligned intelligence work** and the **Russian cybercrime ecosystem**, complicating attribution f...

Hugging Face shared-loader supply chain campaign

Campaign
H score79 First: 11.05.2026 10:05 Last: 11.05.2026 10:05 Sources 1

About this happening: A **Hugging Face** repository cluster appears to be part of a **broader supply chain campaign** that used **shared loaders** to push a stealer through open-source model downloads....

Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery

Security Tool/Service
H score58 First: 08.04.2026 12:16 Last: 08.04.2026 12:16 Sources 1

About this happening: **Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...

Latest development: 03.06.2026 14:00

President Donald Trump signed a June 2 executive order that sets up a voluntary framework for developers of covered frontier models to give the US government access for cybersecurity review for up to 30 days before release, while expressly rejecting any mandatory licensing or preclearance requirement. The order directs NSA, CISA, and NIST to build a classified benchmark for determining which models cross the covered threshold and creates an AI cybersecurity clearinghouse led by the Treasury Department. The framework closely echoes Anthropic's Project Glasswing, which gives vetted partners early access to Claude Mythos Preview to scan critical software for vulnerabilities.

UAT-9244 South America telecom targeting campaign

Campaign
H score33 First: 06.03.2026 01:19 Last: 06.03.2026 01:19 Sources 1

About this happening: UAT-9244 is a China-linked campaign targeting telecommunication providers in South America since 2024. It compromises Windows, Linux, and edge devices to expand access across tele...

Latest development: 06.03.2026 10:22

The first documented phase centers on **TernDoor** targeting **Windows** hosts through **DLL side-loading** with `wsprint.exe` and `BugSplatRc64.dll`. After launch, it loads in memory and establishes persistence through a scheduled task or the Registry Run key.

Silver Dragon intrusion and phishing campaign targeting Europe, Southeast Asia, and Uzbekistan

Campaign
H score36 First: 04.03.2026 10:14 Last: 04.03.2026 10:14 Sources 1

How related: "Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments," Check Point said in a technical report.

About this happening: The **Silver Dragon** campaign is actively using **public-facing internet servers** and **phishing emails with malicious attachments** to gain initial access, expanding risk acros...

Timeline

  1. 04.03.2026 10:14 2 articles · 4mo ago

    Silver Dragon assessed within APT41 umbrella

    Attribution Update

    Check Point assessed Silver Dragon as operating within the APT41 umbrella after identifying overlaps in post-exploitation installation scripts and BamboLoader decryption behavior across activity targeting government entities in Europe, Southeast Asia, and Uzbekistan.

    Show sources