China-Linked Actors Target U.S. Policy-Oriented Non-Profit Organisations (Campaign)
ID: 82771628-7723-51ad-8866-29cce2ad1070
STIX ID: report--82771628-7723-51ad-8866-29cce2ad1070
Feed Name: Wiz Cloud Threat Landscape
Date Published: 2025-11-05
Date Updated: 2026-05-01
Author: [email protected] (Wiz Threat Research)
A China-linked espionage campaign targeted a U.S. policy-focused non-profit in April 2025, using widespread scanning and exploitation of multiple known vulnerabilities to gain access. The operators established persistence via scheduled tasks that called msbuild/csc, sideloaded a malicious DLL through a legitimate VipreAV component, and deployed a custom loader (hash provided) that connected to a remote C2 (http://38.180.83.166/6CDF0FC26CDF0FC2). They also used credential-extraction tools (a Dcsync variant) and keylogging utilities to maintain and expand access. These activities are consistent with APT operations.
