Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns
Salt Typhoon has hit an energy entity in Azerbaijan. Twill Typhoon has targeted Asian entities with an updated RAT.
China-linked state-sponsored hackers have been observed expanding their targets and updating malicious tools in fresh campaigns that either follow known patterns or adapt to current political events.
Between December 2025 and February 2026, Salt Typhoon, also known as Earth Estries, FamousSparrow, GhostEmperor, and UNC2286, and considered one of the most aggressive Chinese APTs, was seen targeting an Azerbaijani oil and gas company, Bitdefender reports.
The campaign marked a shift from typical Salt Typhoon activity, which is aimed at government, telecoms, and technology entities in the US, Asia, the Middle East, and Africa, and was likely triggered by Azerbaijan’s recently increased role in European energy security.
Source: https://www.securityweek.com/chinese-apts-expand-targets-update-backdoors-in-recent-campaigns/
Related breach coverage
- Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI (2026-05-21)
More than 200 vulnerabilities patched in recent Chrome releases are marked as ‘reported by Google’.
- AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop (2026-05-20)
Digital.ai’s latest threat report warns that agentic AI has erased the distinction between emerging and primary targets, enabling attackers to strike mobile apps within hours of release across every industry.
- 201 Arrested in Crackdown on Cybercrime in Middle East, North Africa (2026-05-19)
The 13-country effort, named Operation Ramz, targeted cyber threats in the Middle East and North Africa region.
- Grafana Confirms Breach After Hackers Claim They Stole Data (2026-05-18)
Grafana appears to have been targeted by Coinbase Cartel, a cybercrime group linked to ShinyHunters, Scattered Spider, and Lapsus$.
