216.73.217.176

Chinese APT Campaign Targets Entities with Updated FDMTP Backdoor

· Published 18/05/2026 21:29 · Modified 18/05/2026 19:56

Export JSON

Essential information

Published
18/05/2026 21:29
Modified
18/05/2026 19:56
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
anomalous file apt chinese rat remote access twill typhoon visual studio
Tags
2026-05-18 anomalous file apt chinese rat remote access twill typhoon visual studio
Related entities
3 indicators, 3 observables, 1 intrusion sets (apt), 20 techniques (mitre), 2 others

Description

Beginning in late September 2025, multiple affected hosts were observed making requests to domains impersonating content delivery networks (CDNs), including infrastructure masquerading as Yahoo- and Apple-affiliated services. Across these cases, Darktrace identified a consistent behavioral execution pattern: the retrieval of legitimate binaries alongside malicious Dynamic Link Libraries (DLLs), enabling sideloading and execution of a modular .NET-based Trojan () framework.

External references