{"id":133852,"date":"2025-11-20T05:50:10","date_gmt":"2025-11-20T05:50:10","guid":{"rendered":"https:\/\/cybersecuritynews.com\/?p=133852"},"modified":"2025-11-20T05:50:14","modified_gmt":"2025-11-20T05:50:14","slug":"china-nexus-apt-group-leverages-dll-sideloading-technique","status":"publish","type":"post","link":"https:\/\/cybersecuritynews.com\/china-nexus-apt-group-leverages-dll-sideloading-technique\/","title":{"rendered":"China-Nexus APT Group Leverages\u00a0DLL Sideloading Technique to Attack Government and Media Sectors"},"content":{"rendered":"\n

A targeted cyber espionage campaign has emerged across Southeast Asia, specifically affecting government and media organizations in countries surrounding the South China Sea.<\/p>\n\n\n\n

The campaign, which has been actively monitored since early 2025, demonstrates advanced persistent threat characteristics with a focus on nations including Laos, Cambodia, Singapore, the Philippines, and Indonesia.<\/p>\n\n\n\n

The attack chain begins with a seemingly legitimate file named “Proposal_for_Cooperation_3415.05092025.rar” that exploits CVE-2025-8088, a path traversal vulnerability in WinRAR software.<\/p>\n\n\n\n

The attackers employ a multi-stage infection process that showcases their technical expertise and strategic planning.<\/p>\n\n\n\n

Initial compromise occurs through spear-phishing emails containing the malicious RAR archive, which automatically triggers the vulnerability when victims attempt to extract the contents.<\/p>\n\n\n\n

This exploitation allows the threat actors to install a persistence script in the user’s startup folder using path traversal combined with an Alternative Data Stream technique.<\/p>\n\n\n\n

CyberArmor security researchers identified<\/a> this sophisticated operation while tracking sustained espionage activities targeting critical infrastructure and information sectors.<\/p>\n\n\n\n

The campaign demonstrates a clear preference for DLL sideloading techniques throughout multiple stages of infection.<\/p>\n\n\n\n

Governments and media organizations represent high-value targets because they directly influence policy decisions, shape public opinion, and determine international strategic alignment.<\/p>\n\n\n

\n
\"The
The WinRAR file will drop a batch file, which in turn will download the next (Source – CyberArmor)<\/figcaption><\/figure><\/div>\n\n\n

The malicious campaign operates through four distinct stages, each designed to maintain persistence<\/a> while avoiding detection by security products.<\/p>\n\n\n\n

After the initial dropper executes, a batch script named “Windows Defender Definition Update.cmd” downloads additional payloads from Dropbox and establishes registry-based persistence.<\/p>\n\n\n\n

The subsequent stages involve legitimate software components like OBS browser and Adobe Creative Cloud Helper being exploited to load malicious DLL files through search-order hijacking.<\/p>\n\n\n\n

Technical Breakdown of the DLL Sideloading Mechanism<\/strong><\/h2>\n\n\n\n

The DLL sideloading<\/a> technique represents the core evasion strategy employed throughout this campaign. In Stage 2, the threat actors abuse a legitimate OBS open-source browser executable to automatically load a modified libcef.dll file.<\/p>\n\n\n\n

This altered library executes malicious code<\/a> while maintaining the appearance of normal software operation. The backdoor communicates with operators through Telegram using an encrypted bot token, providing three primary commands: shell execution, screenshot capture, and file upload capabilities.<\/p>\n\n\n\n

Stage 3 continues the DLL sideloading approach by exploiting Adobe’s Creative Cloud Helper component. The legitimate “Creative Cloud Helper.exe” loads a malicious CRClient.dll file, which contains functionality to decrypt and execute the final backdoor payload stored as “Update.lib.”<\/p>\n\n\n\n

The decryption process uses a simple XOR encoding technique, demonstrating that sophisticated encryption is not always necessary for successful operations.<\/p>\n\n\n\n

The following code snippet shows the decryption function:-<\/p>\n\n\n\n

\/\/ XOR decryption with hardcoded key\nfor (size_t i = 0; i < payload_size; i++) {\n    decrypted_data[i] = encrypted_data[i] ^ 0x3c;\n}<\/code><\/pre>\n\n\n\n
The final backdoor provides comprehensive remote access capabilities through HTTPS communication with command-and-control servers located at public.megadatacloud[.]com and IP address 104.234.37[.]45.<\/p>\n\n\n\n
Network traffic remains encrypted using XOR operations, making detection challenging for traditional security monitoring<\/a> systems.<\/p>\n\n\n\n
The backdoor supports eight distinct command operations, including command execution, DLL loading, shellcode execution, file manipulation, and a kill switch function that terminates operations after random intervals.<\/p>\n\n\n\n
Follow us on\u00a0Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates<\/strong>,\u00a0Set CSN as a Preferred Source in\u00a0Google<\/a>.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"
A targeted cyber espionage campaign has emerged across Southeast Asia, specifically affecting government and media organizations in countries surrounding the South China Sea. The campaign, which has been actively monitored since early 2025, demonstrates advanced persistent threat characteristics with a focus on nations including Laos, Cambodia, Singapore, the Philippines, and Indonesia. The attack chain begins […]<\/p>\n","protected":false},"author":6,"featured_media":133869,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjB2d0ZvaSFimZH29xXbFZndNRmC-Zk_Lrld9qO_C5W764dh8qk0-3yjNEC4bwFgXbD00L61xov7TXhV42VTSxdUuVtbK-xy9fTC5ezRGIiZXfj1YjLBNTemf8m2TYIVXZpaHd21sYMsVNlOoybBu-aa8p0_f9tVpB6v0dPxaipr-Ft0IcCy-M4HAZA0uE\/s16000\/China-Nexus%20APT%20Group%20Leverages%C2%A0DLL%20Sideloading%20Technique%20to%20Attack%20Government%20and%20Media%20Sectors.webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,48],"tags":[149,151],"class_list":{"0":"post-133852","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security-news","8":"category-threats","9":"tag-cyber-security","10":"tag-cyber-security-news"},"yoast_head":"\nChina-Nexus APT Group Leverages\u00a0DLL Sideloading Technique to Attack Government and Media Sectors<\/title>\n<meta name=\"description\" content=\"A Southeast Asia cyber-espionage campaign targets governments via a fake WinRAR file exploiting CVE-2025-8088 in a multi-stage attack.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecuritynews.com\/china-nexus-apt-group-leverages-dll-sideloading-technique\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"China-Nexus APT Group Leverages\u00a0DLL Sideloading Technique to Attack Government and Media Sectors\" \/>\n<meta property=\"og:description\" content=\"A Southeast Asia cyber-espionage campaign targets governments via a fake WinRAR file exploiting CVE-2025-8088 in a multi-stage attack.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecuritynews.com\/china-nexus-apt-group-leverages-dll-sideloading-technique\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Security News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Hackingtutorialsandnews\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-20T05:50:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-20T05:50:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjB2d0ZvaSFimZH29xXbFZndNRmC-Zk_Lrld9qO_C5W764dh8qk0-3yjNEC4bwFgXbD00L61xov7TXhV42VTSxdUuVtbK-xy9fTC5ezRGIiZXfj1YjLBNTemf8m2TYIVXZpaHd21sYMsVNlOoybBu-aa8p0_f9tVpB6v0dPxaipr-Ft0IcCy-M4HAZA0uE\/s16000\/China-Nexus%20APT%20Group%20Leverages%C2%A0DLL%20Sideloading%20Technique%20to%20Attack%20Government%20and%20Media%20Sectors.webp\" \/><meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjB2d0ZvaSFimZH29xXbFZndNRmC-Zk_Lrld9qO_C5W764dh8qk0-3yjNEC4bwFgXbD00L61xov7TXhV42VTSxdUuVtbK-xy9fTC5ezRGIiZXfj1YjLBNTemf8m2TYIVXZpaHd21sYMsVNlOoybBu-aa8p0_f9tVpB6v0dPxaipr-Ft0IcCy-M4HAZA0uE\/s16000\/China-Nexus%20APT%20Group%20Leverages%C2%A0DLL%20Sideloading%20Technique%20to%20Attack%20Government%20and%20Media%20Sectors.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tushar Subhra Dutta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjB2d0ZvaSFimZH29xXbFZndNRmC-Zk_Lrld9qO_C5W764dh8qk0-3yjNEC4bwFgXbD00L61xov7TXhV42VTSxdUuVtbK-xy9fTC5ezRGIiZXfj1YjLBNTemf8m2TYIVXZpaHd21sYMsVNlOoybBu-aa8p0_f9tVpB6v0dPxaipr-Ft0IcCy-M4HAZA0uE\/s16000\/China-Nexus%20APT%20Group%20Leverages%C2%A0DLL%20Sideloading%20Technique%20to%20Attack%20Government%20and%20Media%20Sectors.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:site\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tushar Subhra Dutta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"China-Nexus APT Group Leverages\u00a0DLL Sideloading Technique to Attack Government and Media Sectors","description":"A Southeast Asia cyber-espionage campaign targets governments via a fake WinRAR file exploiting CVE-2025-8088 in a multi-stage attack.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecuritynews.com\/china-nexus-apt-group-leverages-dll-sideloading-technique\/","og_locale":"en_US","og_type":"article","og_title":"China-Nexus APT Group Leverages\u00a0DLL Sideloading Technique to Attack Government and Media Sectors","og_description":"A Southeast Asia cyber-espionage campaign targets governments via a fake WinRAR file exploiting CVE-2025-8088 in a multi-stage attack.","og_url":"https:\/\/cybersecuritynews.com\/china-nexus-apt-group-leverages-dll-sideloading-technique\/","og_site_name":"Cyber Security News","article_publisher":"https:\/\/www.facebook.com\/Hackingtutorialsandnews","article_published_time":"2025-11-20T05:50:10+00:00","article_modified_time":"2025-11-20T05:50:14+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjB2d0ZvaSFimZH29xXbFZndNRmC-Zk_Lrld9qO_C5W764dh8qk0-3yjNEC4bwFgXbD00L61xov7TXhV42VTSxdUuVtbK-xy9fTC5ezRGIiZXfj1YjLBNTemf8m2TYIVXZpaHd21sYMsVNlOoybBu-aa8p0_f9tVpB6v0dPxaipr-Ft0IcCy-M4HAZA0uE\/s16000\/China-Nexus%20APT%20Group%20Leverages%C2%A0DLL%20Sideloading%20Technique%20to%20Attack%20Government%20and%20Media%20Sectors.webp","type":"","width":"","height":""},{"width":1600,"height":900,"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjB2d0ZvaSFimZH29xXbFZndNRmC-Zk_Lrld9qO_C5W764dh8qk0-3yjNEC4bwFgXbD00L61xov7TXhV42VTSxdUuVtbK-xy9fTC5ezRGIiZXfj1YjLBNTemf8m2TYIVXZpaHd21sYMsVNlOoybBu-aa8p0_f9tVpB6v0dPxaipr-Ft0IcCy-M4HAZA0uE\/s16000\/China-Nexus%20APT%20Group%20Leverages%C2%A0DLL%20Sideloading%20Technique%20to%20Attack%20Government%20and%20Media%20Sectors.webp","type":"image\/jpeg"}],"author":"Tushar Subhra Dutta","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjB2d0ZvaSFimZH29xXbFZndNRmC-Zk_Lrld9qO_C5W764dh8qk0-3yjNEC4bwFgXbD00L61xov7TXhV42VTSxdUuVtbK-xy9fTC5ezRGIiZXfj1YjLBNTemf8m2TYIVXZpaHd21sYMsVNlOoybBu-aa8p0_f9tVpB6v0dPxaipr-Ft0IcCy-M4HAZA0uE\/s16000\/China-Nexus%20APT%20Group%20Leverages%C2%A0DLL%20Sideloading%20Technique%20to%20Attack%20Government%20and%20Media%20Sectors.webp","twitter_creator":"@The_Cyber_News","twitter_site":"@The_Cyber_News","twitter_misc":{"Written by":"Tushar Subhra Dutta","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cybersecuritynews.com\/china-nexus-apt-group-leverages-dll-sideloading-technique\/#article","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/china-nexus-apt-group-leverages-dll-sideloading-technique\/"},"author":{"name":"Tushar Subhra Dutta","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c"},"headline":"China-Nexus APT Group Leverages\u00a0DLL Sideloading Technique to Attack Government and Media Sectors","datePublished":"2025-11-20T05:50:10+00:00","dateModified":"2025-11-20T05:50:14+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecuritynews.com\/china-nexus-apt-group-leverages-dll-sideloading-technique\/"},"wordCount":525,"publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"image":{"@id":"https:\/\/cybersecuritynews.com\/china-nexus-apt-group-leverages-dll-sideloading-technique\/#primaryimage"},"thumbnailUrl":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjB2d0ZvaSFimZH29xXbFZndNRmC-Zk_Lrld9qO_C5W764dh8qk0-3yjNEC4bwFgXbD00L61xov7TXhV42VTSxdUuVtbK-xy9fTC5ezRGIiZXfj1YjLBNTemf8m2TYIVXZpaHd21sYMsVNlOoybBu-aa8p0_f9tVpB6v0dPxaipr-Ft0IcCy-M4HAZA0uE\/s16000\/China-Nexus%20APT%20Group%20Leverages%C2%A0DLL%20Sideloading%20Technique%20to%20Attack%20Government%20and%20Media%20Sectors.webp?w=1600&resize=1600,900&ssl=1","keywords":["cyber security","cyber security news"],"articleSection":["Cyber Security News","Threats"],"inLanguage":"en-US","copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/cybersecuritynews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cybersecuritynews.com\/china-nexus-apt-group-leverages-dll-sideloading-technique\/","url":"https:\/\/cybersecuritynews.com\/china-nexus-apt-group-leverages-dll-sideloading-technique\/","name":"China-Nexus APT Group Leverages\u00a0DLL Sideloading Technique to Attack Government and Media Sectors","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersecuritynews.com\/china-nexus-apt-group-leverages-dll-sideloading-technique\/#primaryimage"},"image":{"@id":"https:\/\/cybersecuritynews.com\/china-nexus-apt-group-leverages-dll-sideloading-technique\/#primaryimage"},"thumbnailUrl":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjB2d0ZvaSFimZH29xXbFZndNRmC-Zk_Lrld9qO_C5W764dh8qk0-3yjNEC4bwFgXbD00L61xov7TXhV42VTSxdUuVtbK-xy9fTC5ezRGIiZXfj1YjLBNTemf8m2TYIVXZpaHd21sYMsVNlOoybBu-aa8p0_f9tVpB6v0dPxaipr-Ft0IcCy-M4HAZA0uE\/s16000\/China-Nexus%20APT%20Group%20Leverages%C2%A0DLL%20Sideloading%20Technique%20to%20Attack%20Government%20and%20Media%20Sectors.webp?w=1600&resize=1600,900&ssl=1","datePublished":"2025-11-20T05:50:10+00:00","dateModified":"2025-11-20T05:50:14+00:00","description":"A Southeast Asia cyber-espionage campaign targets governments via a fake WinRAR file exploiting CVE-2025-8088 in a multi-stage attack.","breadcrumb":{"@id":"https:\/\/cybersecuritynews.com\/china-nexus-apt-group-leverages-dll-sideloading-technique\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecuritynews.com\/china-nexus-apt-group-leverages-dll-sideloading-technique\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/china-nexus-apt-group-leverages-dll-sideloading-technique\/#primaryimage","url":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjB2d0ZvaSFimZH29xXbFZndNRmC-Zk_Lrld9qO_C5W764dh8qk0-3yjNEC4bwFgXbD00L61xov7TXhV42VTSxdUuVtbK-xy9fTC5ezRGIiZXfj1YjLBNTemf8m2TYIVXZpaHd21sYMsVNlOoybBu-aa8p0_f9tVpB6v0dPxaipr-Ft0IcCy-M4HAZA0uE\/s16000\/China-Nexus%20APT%20Group%20Leverages%C2%A0DLL%20Sideloading%20Technique%20to%20Attack%20Government%20and%20Media%20Sectors.webp?w=1600&resize=1600,900&ssl=1","contentUrl":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjB2d0ZvaSFimZH29xXbFZndNRmC-Zk_Lrld9qO_C5W764dh8qk0-3yjNEC4bwFgXbD00L61xov7TXhV42VTSxdUuVtbK-xy9fTC5ezRGIiZXfj1YjLBNTemf8m2TYIVXZpaHd21sYMsVNlOoybBu-aa8p0_f9tVpB6v0dPxaipr-Ft0IcCy-M4HAZA0uE\/s16000\/China-Nexus%20APT%20Group%20Leverages%C2%A0DLL%20Sideloading%20Technique%20to%20Attack%20Government%20and%20Media%20Sectors.webp?w=1600&resize=1600,900&ssl=1","width":"1600","height":"900"},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecuritynews.com\/china-nexus-apt-group-leverages-dll-sideloading-technique\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersecuritynews.com\/"},{"@type":"ListItem","position":2,"name":"China-Nexus APT Group Leverages\u00a0DLL Sideloading Technique to Attack Government and Media Sectors"}]},{"@type":"WebSite","@id":"https:\/\/cybersecuritynews.com\/#website","url":"https:\/\/cybersecuritynews.com\/","name":"Cyber Security News","description":"World's #1 Premier Cybersecurity and Hacking News Portal","publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecuritynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersecuritynews.com\/#organization","name":"Cyber Security News","url":"https:\/\/cybersecuritynews.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","contentUrl":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","width":200,"height":200,"caption":"Cyber Security News"},"image":{"@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Hackingtutorialsandnews","https:\/\/x.com\/The_Cyber_News","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"]},{"@type":"Person","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c","name":"Tushar Subhra Dutta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","caption":"Tushar Subhra Dutta"},"description":"Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. With years of experience, he brings clarity and depth to complex security topics.","url":"https:\/\/cybersecuritynews.com\/author\/tushar\/"}]}},"jetpack_featured_media_url":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjB2d0ZvaSFimZH29xXbFZndNRmC-Zk_Lrld9qO_C5W764dh8qk0-3yjNEC4bwFgXbD00L61xov7TXhV42VTSxdUuVtbK-xy9fTC5ezRGIiZXfj1YjLBNTemf8m2TYIVXZpaHd21sYMsVNlOoybBu-aa8p0_f9tVpB6v0dPxaipr-Ft0IcCy-M4HAZA0uE\/s16000\/China-Nexus%20APT%20Group%20Leverages%C2%A0DLL%20Sideloading%20Technique%20to%20Attack%20Government%20and%20Media%20Sectors.webp?w=1600&resize=1600,900&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/133852","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/comments?post=133852"}],"version-history":[{"count":1,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/133852\/revisions"}],"predecessor-version":[{"id":133868,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/133852\/revisions\/133868"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media\/133869"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media?parent=133852"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/categories?post=133852"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/tags?post=133852"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}