SoundBill

  • Taiwan Web Infrastructure Targeted by UAT-7237, Cisco Talos Says

    Cisco Talos links a China-aligned APT cluster, UAT-7237, to attacks on Taiwan’s web infrastructure, using customized open-source tooling and a SoundBill shellcode loader to deploy backdoors and credential-stealing utilities. The operation, active since 2022 and considered a sub-group of UAT-5918, also employs VPN persistence and RDP access, with updates to embed Mimikatz and broader lateral…
