Sentinel Labs cybersecurity experts: The pro-China APT seeks initial access via document lures with porn themes and makes heavy use of USB shortcut techniques to spread malware.
Symantec cybersecurity experts: The China-linked APT used unpatched vulnerabilities in Microsoft Exchange, the Sodamaster backdoor and other custom malware and tools.
ESET cybersecurity experts: The China-linked APT exploits the Korplug malware variant with decoy documents on Russia’s invasion of Ukraine and COVID-19.