216.73.217.86

Jewelbug: Chinese APT Group Widens Reach to Russia

· Published 24/10/2025 09:16 · Modified 24/10/2025 10:05

Export JSON

Essential information

Published
24/10/2025 09:16
Modified
24/10/2025 10:05
Tags
2025-10-24 byovd dll sideloading squidoor
Related entities
27 observables, 1 intrusion sets (apt), 3 techniques (mitre), 6 malware, 4 others

Description

A Chinese APT group named Jewelbug has expanded its operations to target organizations in South America, South Asia, Taiwan, and Russia. The group's recent intrusion into a Russian IT service provider lasted for five months in 2025, potentially aiming for a supply chain attack. Jewelbug has deployed new backdoors, including one leveraging Microsoft Graph API and OneDrive for command and control. The group's tactics include using legitimate tools, , and the bring-your-own-vulnerable-driver technique. Notably, Jewelbug's targeting of Russian organizations marks a shift in Chinese cyber operations, previously considered to be allied with Russia.

External references