A sophisticated cyber-attack campaign led by the China-linked hacker group APT24 has been uncovered, leveraging a malicious downloader known as “BadAudio” to compromise legitimate websites and target organisations—especially in Taiwan.
Operating since late 2022, APT24 injected malicious JavaScript into more than twenty legitimate public websites, redirecting visitors to attacker-controlled infrastructure.
The group’s tactics have evolved from broad website compromises to more precise supply-chain attacks through regional digital-marketing firms, along with spear-phishing designed to exploit organisational trust.
BadAudio serves as a first-stage downloader giving persistent access to compromised networks, marking a technical escalation in APT24’s capabilities.
The campaign underscores the growing threat of state-backed cyber intrusions targeting critical infrastructure and trusted web assets.






