New APT-Q-27 sample spotted
Essential information
- Published: 17/06/2026 10:46
- Modified: 17/06/2026 09:20
- Source / Author: AlienVault
- Confidence: 100/100
- Report type(s): threat-report
- Labels / Tags: apt-q-27, chinese threat actor, digital signature abuse, dll side-loading, dropper, tencent
- Tags: 2026-06-17, apt-q-27, chinese threat actor, digital signature abuse, dll side-loading, dropper, tencent
- Related entities: 2 indicators, 2 observables, 1 intrusion sets (apt), 8 techniques (mitre), 1 others
Description
A new campaign has been identified that uses a valid, still-unrevoked digital signature from a Chinese technology company. The attack chain employs a dropper that retrieves an extension-based module list from command and control infrastructure. The malicious payloads are executed through DLL side-loading, using a legitimate Tencent-signed executable as the host. The infrastructure includes Google Cloud Storage and a dedicated domain for command and control operations. The identified components are an EXE dropper, a DLL loader, a DAT payload, and the legitimate Tencent executable used for side-loading.