APT Meets GPT: Targeted Operations with Untamed LLMs
ID: 28835391-735d-53f2-bbb0-1bec259a4130
STIX ID: report--28835391-735d-53f2-bbb0-1bec259a4130
Feed Name: Volexity Blog
Volexity describes UTA0388, a China-aligned threat actor that uses tailored spear-phishing (including rapport-building phishing) to deliver a multi-variant backdoor family called GOVERSHELL via hosted ZIP/RAR archives that exploit search-order hijacking. The report details malware capabilities, diverse C2 mechanisms, infrastructure and IOCs, and assesses that the actor likely leverages LLMs to generate and scale phishing content.
