Chinese APT Campaign Targets Entities with Updated FDMTP Backdoor
Essential information
- Published
- 18/05/2026 21:29
- Modified
- 18/05/2026 19:56
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- anomalous file apt chinese rat remote access twill typhoon visual studio
- Tags
- 2026-05-18 anomalous file apt chinese rat remote access twill typhoon visual studio
- Related entities
- 3 indicators, 3 observables, 1 intrusion sets (apt), 20 techniques (mitre), 2 others
Description
Beginning in late September 2025, multiple affected hosts were observed making requests to domains impersonating content delivery networks (CDNs), including infrastructure masquerading as Yahoo- and Apple-affiliated services. Across these cases, Darktrace identified a consistent behavioral execution pattern: the retrieval of legitimate binaries alongside malicious Dynamic Link Libraries (DLLs), enabling sideloading and execution of a modular .NET-based Remote Access Trojan (RAT) framework.