TZUTC: -0500   
   MSGID: 1493.consprcy@1:2320/105 2d296bff   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   China-related threat actors deployed a new fileless malware against the   
   Philippines military   
      
   Date:   
   Thu, 11 Sep 2025 20:12:00 +0000   
      
   Description:   
   An unknown threat actor with an unknown malware framework, doing   
   reconnaissance and espionage.   
      
   FULL STORY   
      
   A Chinese threat actor attacked a Philippine military company with a   
   never-before-seen, fileless malware framework, researchers warned.    
      
   Earlier this week, cybersecurity outfit Bitdefender published an in-depth   
   report about EggStreme, a multi-stage toolset that achieves low-profile   
   espionage by injecting malicious code directly into memory and leveraging DLL   
   sideloading to execute payloads.    
      
   It counts six different components: EggStremeFuel (initial loader DLL,   
   sideloaded via a legitimate binary and establishes a reverse shell),   
   EggStremeLoader (reads encrypted payloads and injects them into processes),   
   EggStremeReflectiveLoader (decrypts and injects the final payload),   
   EggStremeAgent (main backdoor implant with 58 commands), EggStremeKeylogger   
   (grabs keystrokes and sensitive user data), and EggStremeWizard (secondary   
   backdoor for redundancy).   
      
   Sideloading DLLs    
      
   Bitdefender tried to link the framework to known Chinese APT players, but   
   failed to find a plausible connection, The Hacker News reported. "We put    
   quite a lot of effort into attribution efforts, but couldn't find anything,"   
   Martin Zugec, technical solutions director at Bitdefender, told the   
   publication. "However, objectives align with Chinese APTs. For this one, our   
   attribution is based on interests/objectives."    
      
   The objectives for this one, it seems, are cyber-espionage, reconnaissance,   
   and long-term, low-profile persistence, something Chinese actors are known    
   for - not just in the Philippines, but elsewhere in the region (Vietnam,   
   Taiwan, and other neighboring countries), as well as around the world.    
      
   Salt Typhoon is perhaps the most documented Chinese APT out there, and it was   
   recently caught in numerous telecommunications service provider companies in   
   the US.    
      
   The EggStreme malware framework is delivered via a side-loaded DLL file. This   
   file was activated using trusted executables, allowing it to bypass security   
   controls. However, how the DLL file was dropped onto the victims device in    
   the first place, remains unknown.    
      
   Usual methods include supply chain compromise, deploying the DLL manually    
   (via previously obtained access), or through drive-by compromise and lateral   
   movement.    
      
    Via The Hacker News   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/china-related-threat-actors-deployed-a-   
   new-fileless-malware-against-the-philippines-military   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426