C6DOOR
Abandoned Sogou Zhuyin Update Server Hijacked to Deliver Espionage Malware, TAOTH Campaign Reveals
A June 2025 disclosure shows attackers hijacked an abandoned Sogou Zhuyin update server to deploy multiple spyware and backdoor families (TOSHIS, DESFY, GTELAM, C6DOOR) in a campaign targeting East Asia and overseas Chinese communities, with phishing and OAuth abuse used to gain access to high-value targets.